Chromium FileReader 漏洞修复

Chrome 中发现了一个高危漏洞，该漏洞会影响所有基于 Chromium 的软件，包括 Electron。

¥A High severity vulnerability has been discovered in Chrome which affects all software based on Chromium, including Electron.

此漏洞已被分配 CVE-2019-5786。你可以在 Chrome 博客帖子 中了解更多信息。

¥This vulnerability has been assigned CVE-2019-5786. You can read more about it in the Chrome Blog Post.

请注意，Chrome 已报告此漏洞正在被广泛利用，因此强烈建议你尽快升级 Electron。

¥Please note that Chrome has reports of this vulnerability being used in the wild so it is strongly recommended you upgrade Electron ASAP.

---

范围

¥Scope

这会影响任何可能运行第三方或不受信任的 JavaScript 的 Electron 应用。

¥This affects any Electron application that may run third-party or untrusted JavaScript.

缓解措施

¥Mitigation

受影响的应用应升级到 Electron 的修补版本。

¥Affected apps should upgrade to a patched version of Electron.

我们已发布 Electron 的新版本，其中包含针对此漏洞的修复：

¥We've published new versions of Electron which include fixes for this vulnerability:

• 4.0.8

• 3.1.6

• 3.0.16

• 2.0.18

Electron 5 的最新测试版跟踪了 Chromium 73，因此已经修复：

¥The latest beta of Electron 5 was tracking Chromium 73 and therefore is already patched:

• 5.0.0-beta.5

更多信息

¥Further Information

此漏洞由谷歌威胁分析小组的 Clement Lecigne 发现，并报告给 Chrome 团队。Chrome 博客文章可在 此处 中找到。

¥This vulnerability was discovered by Clement Lecigne of Google's Threat Analysis Group and reported to the Chrome team. The Chrome blog post can be found here.

要了解有关保护 Electron 应用安全的最佳实践的更多信息，请参阅我们的 安全教程。

¥To learn more about best practices for keeping your Electron apps secure, see our security tutorial.

如果你想报告 Electron 中的漏洞，请发送电子邮件至 security@electronjs.org。

¥If you wish to report a vulnerability in Electron, email security@electronjs.org.