The vulnerability stems from the line in `lib/renderer/init.js` that set `nodeIntegration=true` for `chrome-devtools://` URLs. This allowed attackers to execute Node.js primitives in a privileged context via devtools windows. The patch explicitly changes this to `nodeIntegration=false`, confirming this was the vulnerable code path. The CVE description directly references `chrome-devtools://devtools/bundled/inspector.html` as the attack vector, which aligns with this initialization logic.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| electron | npm | < 1.6.8 | 1.6.8 |
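
To check a project against the affected range in the table above, the following added example (not part of the advisory or of Electron's code) scans a parsed `package-lock.json` for resolved `electron` entries older than 1.6.8. The sample lockfile and the package name `some-app-shell` are constructed for illustration.

```javascript
// Added example: flag electron versions in the advisory's affected range (< 1.6.8).
const FIRST_PATCHED = [1, 6, 8]; // "First Patched Version" from the advisory table

// Parse "1.6.7" or "1.6.8-beta.1" into a numeric core plus a prerelease flag.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+.*)?$/.exec(String(v).trim());
  return m ? { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) } : null;
}

// true = affected, false = patched, null = not plain semver (git URL, tag): review by hand.
// A prerelease of 1.6.8 sorts before 1.6.8 under semver, so it counts as affected.
function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return null;
  for (let i = 0; i < 3; i++) {
    if (p.core[i] !== FIRST_PATCHED[i]) return p.core[i] < FIRST_PATCHED[i];
  }
  return p.pre;
}

// Collect electron entries from a parsed lockfile: the nested v1 "dependencies"
// tree and the flat v2/v3 "packages" map (a v2 file may list the same copy in both).
function findAffectedElectron(lock) {
  const hits = [];
  const check = (path, version) => {
    const verdict = isAffected(version);
    if (verdict !== false) hits.push({ path, version, status: verdict ? 'affected' : 'review' });
  };
  const walk = (deps, path) => {
    for (const [name, info] of Object.entries(deps || {})) {
      if (name === 'electron') check(`${path}/${name}`, info.version);
      walk(info.dependencies, `${path}/${name}`);
    }
  };
  walk(lock.dependencies, '');
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/electron$/.test(path)) check(path, info.version);
  }
  return hits;
}

// Constructed sample: one affected top-level copy, one patched nested copy.
const sampleLock = {
  dependencies: {
    electron: { version: '1.6.7' },
    'some-app-shell': { version: '2.0.0', dependencies: { electron: { version: '1.6.8' } } },
  },
};
console.log(findAffectedElectron(sampleLock));
```

Entries reported with status `review` resolved to something other than a plain version string and need a manual look.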