[slimsag]

Nothing, but if Slack was a web application and not an Electron application it would mean XSS would not immediately lead to RCE, you would need XSS and a vulnerability in the browser to get an RCE. Electron is basically that for you already: a vulnerable browser.

[wereHamster]

I refuse to use the Slack desktop app, and use Slack only through a web browser. I trust Chrome (Google), Firefox (Mozilla), Safari (Apple) far more than the Slack engineers.