Chromium FileReader 漏洞修复

Chrome 中发现了一个高危漏洞，该漏洞会影响所有基于 Chromium 的软件，包括 Electron。

🌐 A High severity vulnerability has been discovered in Chrome which affects all software based on Chromium, including Electron.

此漏洞已被分配编号 CVE-2019-5786。你可以在 Chrome 博客文章 中阅读更多相关信息。

🌐 This vulnerability has been assigned CVE-2019-5786. You can read more about it in the Chrome Blog Post.

请注意，Chrome 已报告此漏洞正在被广泛利用，因此强烈建议你尽快升级 Electron。

🌐 Please note that Chrome has reports of this vulnerability being used in the wild so it is strongly recommended you upgrade Electron ASAP.

---

范围

🌐 Scope

这会影响任何可能运行第三方或不受信任的 JavaScript 的 Electron 应用。

🌐 This affects any Electron application that may run third-party or untrusted JavaScript.

缓解措施

🌐 Mitigation

受影响的应用应升级到 Electron 的修补版本。

🌐 Affected apps should upgrade to a patched version of Electron.

我们已发布 Electron 的新版本，其中包含针对此漏洞的修复：

🌐 We've published new versions of Electron which include fixes for this vulnerability:

• 4.0.8
• 3.1.6
• 3.0.16
• 2.0.18

Electron 5 的最新测试版跟踪了 Chromium 73，因此已经修复：

🌐 The latest beta of Electron 5 was tracking Chromium 73 and therefore is already patched:

• 5.0.0-beta.5

更多信息

🌐 Further Information

此漏洞由谷歌威胁分析组的Clement Lecigne发现，并报告给了Chrome团队。Chrome博客文章可以在这里找到。

🌐 This vulnerability was discovered by Clement Lecigne of Google's Threat Analysis Group and reported to the Chrome team. The Chrome blog post can be found here.

要了解有关保持你的 Electron 应用安全的最佳做法的更多信息，请参阅我们的[安全教程]。

🌐 To learn more about best practices for keeping your Electron apps secure, see our security tutorial.

如果你希望报告 Electron 中的漏洞，请提交 [GitHub 安全咨询]。

🌐 Please file a GitHub Security Advisory if you wish to report a vulnerability in Electron.