New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Armcord 3.2.4 still uses vulnerable Electron 26.1.0 #471
Comments
There's a unstable release with Electron 27 Beta 2 which appears to patch it according to change logs. I'm waiting for a stable E27 release first for it to be on a stable tag |
I feel like stability should quite frankly be thrown out the window here. This is a dead easy exploit to use, and all it takes is a few script kiddies before someone's device is done for. I guarantee there will be script kiddies posting this all over Discord within days. |
Discord is most likely inherently not affected because all images are proxied through their media proxy which re-encodes images anyway In any case, a bump from |
26.2.1 indeed updated Chromium to a fixed version so this should be a very minor update and not requiring a wait for 27. (Without this update one should not trust this application. Even though Discord might re-encode uploaded files there are a couple other places one can easily imagine where images are displayed directly and not from Discord's servers...) |
This is not relevant anymore. |
Describe the bug
Latest Release still using the vulnerable Electron 26.1.0
Additional context
For more info, check NixOS/nixpkgs#254798 (comment)
The text was updated successfully, but these errors were encountered: