Release Notes for v7.3.3
Fixes
- Backported fixe for UAF in extensions (NOCVE). #24420
- Fix: DCHECK failure in value.IsHeapObject() in objectsdebug.cc. (Chromium security issue 1084820). #24564
- Fix: XSS on chrome://histograms/ with a compromised renderer. (Chromium security issue 1073409). #24627
- Fix: heap-use-after-free in content::NavigationRequest::OnWillProcessResponseProcessed. (Chromium security issue 1090543). #24567
- Fix: heap-use-after-free in ui::AXTreeSerializerblink (Chromium security issue 1065122). #24555
- Fix: memcpy-param-overlap in AudioBuffer::copyFromChannel. (Chromium security issue 1081722). #24584
- Fix: remove leaks of post-redirect URL for
<script>
in the CSP reports and stacktraces of errors (Chromium security issue 1074317). #24558 - Fix: update webrtc root certificate. (Chromium security issue 978779). #24619
- Fix: use-of-uninitialized-value in amr_read_header. (Chromium security issue 1065731). #24596
- Fix: usrsctp is called with pointer as network address. (Chromium security issue 1076703). #24561
Other Changes
- Backported the fix to CVE-2020-6532: Use after free in SCTP. #24894
- Security: Backported fix for CVE-2020-6541. #25026
End of Support for 7.x.y
Electron 7.x.y has reached end-of-support as per the project's support policy. Developers and applications are encouraged to upgrade to a newer version of Electron.