by gruez 1540 days ago
>If your Electron app executes third party, remote code.

There's a high chance that it does because of embedded content/ads/iframes/in-app browsers.

2 comments

Are in-app browsers in Electron even secure in the first place? Does it use Chrome-style sandboxing with multiple processes, etc.? Do bugs in the Electron engine get patched in a timely fashion?

Genuinely asking here. I've never written an Electron app personally so I don't know how this stuff is done exactly, but the idea of in-app browsers in Electron apps sounds terrifying to me, security-wise.

Electron has been moving toward security by default in renderer processes, but Chromium sandboxing isn't yet enabled by default in these processes. More here: https://www.electronjs.org/docs/latest/tutorial/sandbox

Which Electron apps have embedded ads running third party JavaScript? That’s a huge security risk.