Arch Linux Security Advisory ASA-201911-7
=========================================
Severity: Critical
Date : 2019-11-04
CVE-ID : CVE-2019-13720
Package : electron
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-1061
Summary
=======
The package electron before version 7.0.1-1 is vulnerable to arbitrary
code execution.
Resolution
==========
Upgrade to 7.0.1-1.
# pacman -Syu "electron>=7.0.1-1"
The problem has been fixed upstream in version 7.0.1.
Workaround
==========
None.
Description
===========
A use-after-free vulnerability has been found in the audio component of
the chromium browser before 78.0.3904.87. Google is aware of reports
that an exploit for this vulnerability exists in the wild.
Impact
======
A remote attacker can execute arbitrary code on the affected host.
References
==========
https://github.com/electron/electron/commit/25b3ee29cf9a8e3f59dcbabf7345b5b1360cd056
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html
https://crbug.com/1019226
https://security.archlinux.org/CVE-2019-13720
Updated electron packages has been released for Arch Linux to address an arbitrary code execution