CVE-2020-4076

### Impact Apps using `contextIsolation` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. ### Workarounds There are no app-side workarounds, you must update your Electron version to be protected. ### Fixed Versions * `9.0.0-beta.21` * `8.2.4` * `7.2.4` ### Non-Impacted Versions * `9.0.0-beta.*` ### For more information If you have any questions or comments about this advisory: * Email us at [security@electronjs.org](mailto:security@electronjs.org)

### Impact Apps using `contextIsolation` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. ### Workarounds There are no app-side workarounds, you must update your Electron version to be protected. ### Fixed Versions * `9.0.0-beta.21` * `8.2.4` * `7.2.4` ### Non-Impacted Versions * `9.0.0-beta.*` ### For more information If you have any questions or comments about this advisory: * Email us at [security@electronjs.org](mailto:security@electronjs.org)

En Electron antes de las versiones 7.2.4, 8.2.4 y 9.0.0-beta21, se presenta una omisión de aislamiento de contexto. El código que se ejecuta en el contexto mundial principal en el renderizador puede alcanzar el contexto Electron aislado y llevar a cabo acciones privilegiadas. Las aplicaciones que usan contextIsolation están afectadas. Esto es corregido en las versiones 9.0.0-beta.21, 8.2.4 y 7.2.4