Electron Releases

[Release Notes for v7.3.3

](/release/v7.3.3 )

Fixes

  • Backported fixe for UAF in extensions (NOCVE). #24420
  • Fix: DCHECK failure in value.IsHeapObject() in objectsdebug.cc. (Chromium security issue 1084820). #24564
  • Fix: XSS on chrome://histograms/ with a compromised renderer. (Chromium security issue 1073409). #24627
  • Fix: heap-use-after-free in content::NavigationRequest::OnWillProcessResponseProcessed. (Chromium security issue 1090543). #24567
  • Fix: heap-use-after-free in ui::AXTreeSerializerblink (Chromium security issue 1065122). #24555
  • Fix: memcpy-param-overlap in AudioBuffer::copyFromChannel. (Chromium security issue 1081722). #24584
  • Fix: remove leaks of post-redirect URL for <script> in the CSP reports and stacktraces of errors (Chromium security issue 1074317). #24558
  • Fix: update webrtc root certificate. (Chromium security issue 978779). #24619
  • Fix: use-of-uninitialized-value in amr_read_header. (Chromium security issue 1065731). #24596
  • Fix: usrsctp is called with pointer as network address. (Chromium security issue 1076703). #24561

Other Changes

  • Backported the fix to CVE-2020-6532: Use after free in SCTP. #24894
  • Security: Backported fix for CVE-2020-6541. #25026

End of Support for 7.x.y

Electron 7.x.y has reached end-of-support as per the project's support policy. Developers and applications are encouraged to upgrade to a newer version of Electron.

Release Notes for v7.3.2

Fixes

  • Enable NTLM v2 for POSIX platforms and added --disable-ntlm-v2 switch to disable it. #23935
  • Ensured proper nativeImage serialization between renderer and browser processes via remote. #24021
  • Fixed GTK dark theme setting not respected in Electron on Linux. #23966
  • Fixed an error when calling dialog.showCertificateTrustDialog with no BrowserWindow. #24119
  • Fixed crash when handling synchronous IPC errors. #24041
  • Fixed intercepted protocols not raising Redirect information back to Chromium. #23997
  • Fixed issue with some IMEs on windows (for ex: Zhuyin) don't terminate after pressing shift. #24055
  • Fixed the acceptLanguages argument being ignored in session.setUserAgent(). #23964
  • Fixed window titlebar not responding to pen on Windows 10. #24104
  • Updated Node root certs to use NSS 3.53. #24269