Electron Releases - v7.3.3

npm install electron@v7.3.3
yarn add electron@v7.3.3

Release Notes


  • Backported fixe for UAF in extensions (NOCVE). #24420
  • Fix: DCHECK failure in value.IsHeapObject() in objectsdebug.cc. (Chromium security issue 1084820). #24564
  • Fix: XSS on chrome://histograms/ with a compromised renderer. (Chromium security issue 1073409). #24627
  • Fix: heap-use-after-free in content::NavigationRequest::OnWillProcessResponseProcessed. (Chromium security issue 1090543). #24567
  • Fix: heap-use-after-free in ui::AXTreeSerializerblink (Chromium security issue 1065122). #24555
  • Fix: memcpy-param-overlap in AudioBuffer::copyFromChannel. (Chromium security issue 1081722). #24584
  • Fix: remove leaks of post-redirect URL for <script> in the CSP reports and stacktraces of errors (Chromium security issue 1074317). #24558
  • Fix: update webrtc root certificate. (Chromium security issue 978779). #24619
  • Fix: use-of-uninitialized-value in amr_read_header. (Chromium security issue 1065731). #24596
  • Fix: usrsctp is called with pointer as network address. (Chromium security issue 1076703). #24561

Other Changes

  • Backported the fix to CVE-2020-6532: Use after free in SCTP. #24894
  • Security: Backported fix for CVE-2020-6541. #25026

End of Support for 7.x.y

Electron 7.x.y has reached end-of-support as per the project's support policy. Developers and applications are encouraged to upgrade to a newer version of Electron.