Render and control web pages.| www.electronjs.org
In April 2024, I discovered a high-severity vulnerability in Visual Studio Code (VS Code <= 1.89.1) that allows attackers to escalate a Cross-Site Scripting (XSS) bug into full Remote Code Execution (RCE)—even in Restricted Mode. The desktop version of Visual Studio Code runs on Electron. Renderer processes are sandboxed and communicate with the main process through Electron’s IPC mechanism. An XSS vulnerability in the newly-introduced minimal error rendering mode for Jupyter notebooks en...| STAR Labs
Communicate asynchronously from the main process to renderer processes.| www.electronjs.org
Communicate asynchronously from a renderer process to the main process.| www.electronjs.org
Migrating Visual Studio Code to Electron process sandboxing| code.visualstudio.com