Skip to content

Commit

Permalink
Add WeChat and yesterday's news: [2021-04-20 Recent Chromium bug used…
Browse files Browse the repository at this point in the history
… to attack Chinese WeChat users](https://therecord.media/recent-chromium-bug-used-to-attack-chinese-wechat-users/)

[2021-04-20 Recent Chromium bug used to attack Chinese WeChat users](https://therecord.media/recent-chromium-bug-used-to-attack-chinese-wechat-users/)
  • Loading branch information
sickcodes committed Apr 20, 2021
1 parent 27d66c9 commit 0f43a1e
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -70,11 +70,13 @@ Official Application List: [https://www.electronjs.org/apps](https://www.electro
| **App** | **Sandbox** | **Built With** | **Source** | **Desktop Platforms** | **Risks** | **Other Examples** |
|---|---|---|---|---|---|---|
| [Slack](https://slack.com/) | Enabled | Electron |**Closed Source** | Windows, macOS, Linux | Untrusted desktop application without source code, but sandbox enabled. | [2020-09-28 XSS to HTML injection RCE](https://hackerone.com/reports/783877) |
| [Twitch](https://twitch.com/) | **DISABLED** | Electron |**Closed Source** | Windows, macOS | Untrusted desktop application without source code |
| [Twitch](https://twitch.com/) | **DISABLED** | Electron | **Closed Source** | Windows, macOS | Untrusted desktop application without source code |
| [VSCode](https://code.visualstudio.com/) | **DISABLED** | Electron | [https://github.com/microsoft/vscode](https://github.com/microsoft/vscode) | Windows, macOS, Linux | Untrusted VSCode extensions can execute malicious code on your computer. | [ZDNet: Malicious extensions](https://www.zdnet.com/article/microsoft-releases-emergency-security-updates-for-windows-and-visual-studio/), [CVE-2020-17023 package.json RCE](https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2020-17023), [CVE-2020-17022 Image based RCE](https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2020-17022) |
| [Signal](https://https://signal.org/) | **DISABLED** | Electron | [https://github.com/signalapp/Signal-Desktop](https://github.com/signalapp/Signal-Desktop) | Windows, macOS, Linux | A JavaScript based exploit would lead to RCE |
| [FB Messenger](https://www.messenger.com/desktop) | **DISABLED** | Electron | **Closed Source** | Windows | Any JS based exploit would lead to RCE. |
| [Microsoft Teams](https://code.visualstudio.com/) | **DISABLED** | Electron | **Closed Source** | Windows, macOS | Untrusted desktop application without source code. |
| [Keybase](https://keybase.io/) | **DISABLED** | Electron | [https://github.com/keybase/client](https://github.com/keybase/client) | Windows, macOS, Linux | A JavaScript based exploit would lead to RCE |
| [Discord](https://discord.com/) | **DISABLED** | Electron | **Closed Source** | Windows, macOS, Linux | Untrusted desktop application without source code. A JavaScript based exploit would lead to RCE |
| [WeChat](https://pc.weixin.qq.com/) | **DISABLED** | Electron | **Closed Source** | [Windows](https://pc.weixin.qq.com/) | Untrusted desktop application without source code. | [2021-04-20 Recent Chromium bug used to attack Chinese WeChat users](https://therecord.media/recent-chromium-bug-used-to-attack-chinese-wechat-users/) |


0 comments on commit 0f43a1e

Please sign in to comment.