Here we look at Modifying the default ASP. NET Core application to use Electron.NET, using Visual Studio Code to debug ASP. NET Razor pages, implementing native UI elements such as message boxes, system file dialogs, and custom application menus, adding third-party MVC controls, and building deployment media for other platforms. Jul 29, 2020 Slack is one of the most popular team communication services for work. Some may call it a glorified IRC but that doesn’t impact its popularity. It is available for free with additional features offered in its paid plans. Though Slack can be installed on Linux thanks to an Electron app but it is not open source, neither the client nor the server.

Written by

Electron

Slack Electron Architecture

Written by

Slack Electron

Electron, a popular web application writing platform underlying some extremely widespread software including Skype and Slack, is vulnerable to a critical remote code execution vulnerability.

Slack Deletron

Apps are only vulnerable if they run on Microsoft Windows and register themselves as the default handler for a protocol like myapp://. MacOS and Linux apps are not vulnerable. Referred to as a “Protocol Handler Vulnerability,” the problem has been assigned the number CVE-2018-1000006.

Protocols like slack:// make it so that users can click links from other software like a web browser and directly go to, for instance, the Slack app.

Several widely used apps are built on Electron, including Windows desktop apps for the encrypted messaging app Signal, the audio chat app Discord and the content management system WordPress. However, most of these apps don’t register themselves as the default handler for a protocol like myapp:// so they are not vulnerable. You can find a full list of Electron apps here to better understand the popularity of Electron, but it’s not a definitive list of apps impacted by this vulnerability.

Slack electronics recycling

The recently released Slack versions 3.0.3+ for Windows addresses the vulnerability, according to a Slack spokesperson who urged all users to upgrade immediately.

A Microsoft spokesperson confirmed the newest version of Skype mitigated the vulnerability.

Electron

Electron’s appeal is that developers can easily write an app using web technology like HTML, CSS and JavaScript instead of rewriting it multiple times in different languages for multiple platforms.

Slack electron microscope

Electron published new versions of their software to fix the vulnerability on Tuesday. All developers are urged to upgrade immediately.

Update: Added a comment from Microsoft.

Slack Electron

Slack

Electron Desktop Gui

-In this Story-

Electron, Microsoft Windows, Skype, Slack