I should have mentioned that there is a follow up post that covers what was fixed in the last two months linked at the end of the article. Still an XSS is possible and there is no sandbox but re-enabling nodejs integration (if it ever was disabled) is no longer possible (in a way that’s known ;)).
I still think this whole thing is a disaster waiting to happen. Especially since each app bundles it’s own Electron runtime. Will everyone update when security issues come up? I doubt it.
[Comment removed by author]
I should have mentioned that there is a follow up post that covers what was fixed in the last two months linked at the end of the article. Still an XSS is possible and there is no sandbox but re-enabling nodejs integration (if it ever was disabled) is no longer possible (in a way that’s known ;)).
I still think this whole thing is a disaster waiting to happen. Especially since each app bundles it’s own Electron runtime. Will everyone update when security issues come up? I doubt it.