CVE-2026-34774
HIGH
GHSA-532v-xpq5-8h95
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
### Impact Apps that use offscreen rendering and allow child windows via `window.open()` may be vulnerable to a use-after-free. If the parent offscreen `WebContents` is destroyed while a child window remains open, subsequent paint frames on the child dereference freed memory, which may lead to a crash or memory corruption. Apps are only affected if they use offscreen rendering (`webPreferences.offscreen: true`) and their `setWindowOpenHandler` permits child windows. Apps that do not use offscreen rendering, or that deny child windows, are not affected. ### Workarounds Deny child window creation from offscreen renderers in your `setWindowOpenHandler`, or ensure child windows are closed before the parent is destroyed. ### Fixed Versions * `41.0.0` * `40.7.0` * `39.8.1` ### For more information If there are any questions or comments about this advisory, please email [[email protected]](mailto:[email protected])
Analysis
Use-after-free memory corruption in Electron framework (versions <39.8.1, <40.7.0, <41.0.0) allows unauthenticated remote attackers to potentially execute arbitrary code when offscreen rendering is enabled and child windows are permitted. The vulnerability triggers when a parent offscreen WebContents is destroyed while child windows remain active, causing subsequent paint operations to dereference freed memory. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: identify all Electron-based applications in your environment and determine current framework versions. Within 7 days: upgrade to patched versions (Electron 39.8.1 or later, 40.7.0 or later, or 41.0.0 or later) and test in staging environments. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today