You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The code does not use the setPermissionRequestHandler function to prevent the renderer from accessing systems such as using the webcam and notification system.
As specified in Electron’s documentation: By default, Electron will automatically approve all permission requests unless the
developer has manually configured a custom handler. While a solid default, security-conscious developers might want to assume the very opposite.
This is the opposite of a browser such as Chrome who asks the user for permission. Inlisk-desktop this is not the case and may allow an attacker who can inject javascript in the application to silently record audio and video.
Description
The code does not use the setPermissionRequestHandler function to prevent the renderer from accessing systems such as using the webcam and notification system.
As specified in Electron’s documentation: By default, Electron will automatically approve all permission requests unless the
developer has manually configured a custom handler. While a solid default, security-conscious developers might want to assume the very opposite.
This is the opposite of a browser such as Chrome who asks the user for permission. Inlisk-desktop this is not the case and may allow an attacker who can inject javascript in the application to silently record audio and video.
Reference
https://www.electronjs.org/docs/latest/tutorial/security#5-handle-session-permission-requests-from-remote-content
The text was updated successfully, but these errors were encountered: