You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Out of an abundance of caution, we've released updates for Signal Desktop that include the latest version of the Electron v25 stable branch that was just published with a fix for this bug in Chrome.
Do you know whether Signal-Desktop was affected or not? If it was, this vulnerability is wormable, because you can attack anyone in your contact list, right?
Google has published Chrome updates for an RCE vuln in WebP, and has stated that exploits exist in the wild. Electron has released v26.2.1, which bumps chromium to a fixed (?) release.
Could you clarify whether Signal-Desktop is affected? Should we abstain from accepting conversations from unidentified accounts?
The text was updated successfully, but these errors were encountered: