Affected versions of this package are vulnerable to Site Isolation Bypass.
parent_execution_origin_ is provided from parent's
RenderFrameHostImpl::last_committed_origin_ that is set during navigation commit. Worker creation IPC from the renderer to browser could race with navigation commit, and could see the wrong last committed origin.
electron to version 7.2.2, 8.2.1 or higher.
- Snyk ID
- 08 Apr, 2020
- 15 Apr, 2020