Examples of such vulnerabilities have been fixed in the 1.7.13, 1.8.4, and 2.0.0-beta.5 Electron releases. Chromium) or other internal components (Node.js) if using certain versions of Electron. Security īecause Electron applications are web applications running in the Chromium engine, they may be vulnerable to web-related attacks such as cross-site scripting attacks, through the same attack vectors as a browser (e.g. Most of Electron's APIs are written in C++ or Objective-C and then exposed directly to the application code through JavaScript bindings. The main process runs the application logic, and can then launch multiple renderer processes, rendering the windows that appear on a user's screen rendering HTML and CSS.īoth the main and renderer processes can run with Node.js integration if enabled. There is the 'main' process and several 'renderer' processes. Electron applications comprise multiple processes.
