Introduction Hello, I’m RyotaK (@ryotkak ), a security engineer at GMO Flatt Security Inc. A while ago, I reported a remote code execution vulnerability that chains multiple problems in Chatwork, a popular communication tool in Japan. In the report that I sent to the bug bounty platform, I used an obsolete feature of Electron to escalate to the preload context. As the vulnerability was interesting, I’m writing this article to share the details of it.
