PSA: a recently-fixed image parsing vulnerability in Chrome (and things that use Chrome, such as Electron apps) is being actively exploited in the wild. install your updates!
PSA: a recently-fixed image parsing vulnerability in Chrome (and things that use Chrome, such as Electron apps) is being actively exploited in the wild. install your updates!
nvd.nist.gov
NVD - CVE-2023-4863
Chrome was updated September 11
Matrix Element Desktop updated September 15, without a changelog or advisory. (The Element update on September 13 did not include the updated electron with the fix; today's update does, according to their announcement on Matrix.)
Many/most electron apps don't receive timely security updates, so if you don't want arbitrary images to be able to get code execution you might want to stop using them.