
CVE-2025-55305: Electron has ASAR Integrity Bypass via resource modification

CVSS Score (v3.1): 6.1

Basic Information

EPSS Score: -
Published: 9/3/2025
Updated: 9/3/2025
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| electron | npm | < 35.7.5 | 35.7.5 |
| electron | npm | >= 36.0.0-alpha.1, < 36.8.1 | 36.8.1 |
| electron | npm | >= 37.0.0-alpha.1, < 37.3.1 | 37.3.1 |
| electron | npm | >= 38.0.0-alpha.1, < 38.0.0-beta.6 | 38.0.0-beta.6 |
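The ranges above include pre-release tags (`36.0.0-alpha.1`, `38.0.0-beta.6`), which a naive numeric comparison gets wrong. The following added example (not Miggo's or Electron's code) transcribes the table into a checker whose comparison follows SemVer 2.0.0 precedence, so that `38.0.0-beta.5` is reported as affected while `38.0.0` and `35.99.0` are not. The range list and all function names are this example's own.

```javascript
// Added example: is a given Electron version inside one of the affected ranges
// from the advisory table? Ranges are transcribed from the table; the comparison
// implements SemVer 2.0.0 precedence so pre-release identifiers order correctly.

// Each entry: [lower bound (inclusive) or null, first patched version (exclusive upper bound)].
const AFFECTED_RANGES = [
  [null, '35.7.5'],
  ['36.0.0-alpha.1', '36.8.1'],
  ['37.0.0-alpha.1', '37.3.1'],
  ['38.0.0-alpha.1', '38.0.0-beta.6'],
];

function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(v.trim());
  if (!m) throw new Error(`not a semver string: ${v}`);
  return {
    core: [Number(m[1]), Number(m[2]), Number(m[3])],
    pre: m[4] ? m[4].split('.') : [],   // pre-release identifiers, if any
  };
}

// SemVer rule: numeric identifiers compare numerically and sort before
// alphanumeric ones; alphanumeric identifiers compare lexically.
function compareIdentifiers(a, b) {
  const na = /^\d+$/.test(a), nb = /^\d+$/.test(b);
  if (na && nb) return Math.sign(Number(a) - Number(b));
  if (na) return -1;
  if (nb) return 1;
  return a < b ? -1 : a > b ? 1 : 0;
}

// Returns -1, 0 or 1 like a comparator.
function compareVersions(x, y) {
  const a = parseVersion(x), b = parseVersion(y);
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return Math.sign(a.core[i] - b.core[i]);
  }
  // Same major.minor.patch: a pre-release precedes the release it leads up to.
  if (a.pre.length === 0 && b.pre.length === 0) return 0;
  if (a.pre.length === 0) return 1;
  if (b.pre.length === 0) return -1;
  const n = Math.min(a.pre.length, b.pre.length);
  for (let i = 0; i < n; i++) {
    const c = compareIdentifiers(a.pre[i], b.pre[i]);
    if (c !== 0) return c;
  }
  // All shared identifiers equal: the longer pre-release list is higher.
  return Math.sign(a.pre.length - b.pre.length);
}

// First patched version for the range containing `version`, or null if not affected.
function firstPatchedFor(version) {
  const hit = AFFECTED_RANGES.find(([lo, hi]) =>
    (lo === null || compareVersions(version, lo) >= 0) &&
    compareVersions(version, hi) < 0);
  return hit ? hit[1] : null;
}

function isAffected(version) {
  return firstPatchedFor(version) !== null;
}

// CLI usage: node check-electron.js 36.8.0
if (typeof require !== 'undefined' && require.main === module && process.argv[2]) {
  const v = process.argv[2];
  const fix = firstPatchedFor(v);
  console.log(fix ? `${v}: AFFECTED, upgrade to ${fix}` : `${v}: not in an affected range`);
}
```

Note that `35.99.0` is not affected: it is above `35.7.5` and below `36.0.0-alpha.1`, which is what the table says. Read the installed version from the app's `package-lock.json` or `node_modules/electron/package.json` rather than from `package.json`, whose range may not be what was actually shipped.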

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability lies in the lack of integrity validation for the V8 snapshot when an Electron application is launched. This allows an attacker with local file system access to modify the snapshot and achieve arbitrary code execution. The analysis of the provided patches reveals two key functions that contribute to this vulnerability.

  1. gin::GetMappedFileData: This function in gin/v8_initializer.cc is directly responsible for loading the V8 snapshot data. The patches show the addition of a call to SnapshotValidator().Run(data), which performs the integrity check. Before this change, the function would map the snapshot file into memory without any validation, making it the direct point of failure where a malicious snapshot would be processed.

  2. ElectronMainDelegate::ElectronMainDelegate: This constructor in shell/app/electron_main_delegate.cc is the entry point for configuring the application's behavior. The patch modifies it from a default constructor to one that explicitly calls gin::SetV8SnapshotValidator. This new call registers the validation function that GetMappedFileData will use. The original default constructor lacked this setup, meaning the validation mechanism was never enabled, thus creating the security hole.

Both functions are critical to understanding the vulnerability. ElectronMainDelegate::ElectronMainDelegate is where the security measure should have been initiated, and gin::GetMappedFileData is where the unvalidated data was consumed. During exploitation, a profiler would show ElectronMainDelegate::ElectronMainDelegate being called during application startup, and gin::GetMappedFileData being called when the V8 engine is initialized and the snapshot is loaded.


Impact

This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` [fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled. Apps without these fuses enabled are not impacted. Specifically this
