CVE-2026-34774: Electron Use-After-Free in Offscreen Rendering
Platform: nodejs
Component: electron
Fixed in: 39.8.1
CVE-2026-34774 is a use-after-free vulnerability affecting Electron applications that utilize offscreen rendering and permit child windows via the `window.open()` method. This flaw can be triggered when the parent offscreen `WebContents` is destroyed while a child window remains open, leading to memory corruption or application crashes. The vulnerability affects Electron versions up to and including 39.8.1. A workaround is available by denying child window creation.
How to fix
No official patch available. Check for workarounds or monitor for updates.
Frequently asked questions
What is CVE-2026-34774?
CVE-2026-34774 is a use-after-free vulnerability in Electron that occurs when offscreen rendering is enabled and child windows are allowed, potentially leading to crashes or memory corruption.
Am I affected by CVE-2026-34774?
You are affected if your Electron application uses offscreen rendering (`webPreferences.offscreen: true`) and allows child windows via `window.open()`. Electron versions up to and including 39.8.1 are vulnerable.
How do I fix or mitigate CVE-2026-34774?
As a workaround, deny the creation of child windows in your Electron application to prevent the use-after-free condition. No official patch is available.
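One way to apply this workaround in the main process, as an added example (not code from Electron or from this advisory): deny `window.open()` for every offscreen `WebContents` and log each blocked attempt. The helper names `denyChildWindows` and `hardenOffscreenContents` are hypothetical; `app` is Electron's `app` module, passed in as a parameter.

```javascript
// Added example, not Electron's or the advisory's own code.
// Helper names are hypothetical; `app` is Electron's `app` module.

// Deny every child-window request coming from one WebContents.
function denyChildWindows(contents, log = console.warn) {
  // The handler runs in the main process before window.open() (or a
  // target="_blank" link) creates a window. Returning { action: 'deny' }
  // means no child exists that could outlive its offscreen parent.
  contents.setWindowOpenHandler(({ url }) => {
    log(`denied child window from offscreen WebContents ${contents.id}: ${url}`);
    return { action: 'deny' };
  });
}

// Apply the deny handler to each offscreen WebContents as it is created.
// Assumption: isOffscreen() already reflects webPreferences.offscreen when
// 'web-contents-created' fires.
function hardenOffscreenContents(app, log = console.warn) {
  app.on('web-contents-created', (_event, contents) => {
    if (contents.isOffscreen()) {
      denyChildWindows(contents, log);
    }
  });
}

// Wiring in the main process, before any window is created:
//   const { app } = require('electron');
//   hardenOffscreenContents(app);
// A WebContents has a single window-open handler: a later
// setWindowOpenHandler() call elsewhere in the app replaces this one.
```

The logged lines give a record of which offscreen renderers attempted to open child windows, which helps find call sites that relied on them.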