mirror of
https://github.com/HackTricks-wiki/hacktricks.git
synced 2025-10-10 18:36:50 +00:00
Update README.md
This commit is contained in:
parent
e94fb5c22d
commit
284211ccdd
@ -467,14 +467,6 @@ Related reading on postMessage trust issues:
|
||||
../../../pentesting-web/postmessage-vulnerabilities/README.md
|
||||
{{#endref}}
|
||||
|
||||
Hardening guidance
|
||||
- Default to `contextIsolation: true` and `nodeIntegration: false` in all windows/webviews.
|
||||
- Expose only minimal, audited APIs via `contextBridge.exposeInMainWorld()` in a preload; never expose raw Node to untrusted content.
|
||||
- Webview CSP: remove `'unsafe-inline'`; prefer nonces/hashes; restrict `allowScripts`; avoid loading extension-controlled HTML in untrusted frames.
|
||||
- Message validation: enforce strict origin allowlists and message schema; never toggle script execution from untrusted messages.
|
||||
- Scheme/resource guards: canonicalize and strictly constrain custom scheme mappings (e.g., `vscode-file://`), enforce allowlists, and prevent traversal/LFI into app resources.
|
||||
- IPC: audit all endpoints and sanitize renderer-controlled inputs.
|
||||
|
||||
## **Tools**
|
||||
|
||||
- [**Electronegativity**](https://github.com/doyensec/electronegativity) is a tool to identify misconfigurations and security anti-patterns in Electron-based applications.
|
||||
@ -623,7 +615,6 @@ Detection and mitigations
|
||||
- [VS Code RCE PoC (CVE-2021-43908) – electrovolt](https://github.com/Sudistark/vscode-rce-electrovolt)
|
||||
- [GitHub Advisory GHSA-2q4g-w47c-4674 (CVE-2020-15174)](https://github.com/advisories/GHSA-2q4g-w47c-4674)
|
||||
- [MSRC: CVE-2021-43908](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43908)
|
||||
|
||||
- [Trail of Bits: Subverting code integrity checks to locally backdoor Signal, 1Password, Slack, and more](https://blog.trailofbits.com/2025/09/03/subverting-code-integrity-checks-to-locally-backdoor-signal-1password-slack-and-more/)
|
||||
- [Electron fuses](https://www.electronjs.org/docs/latest/tutorial/fuses)
|
||||
- [Electron ASAR integrity](https://www.electronjs.org/docs/latest/tutorial/asar-integrity)
|
||||
@ -633,7 +624,6 @@ Detection and mitigations
|
||||
- [Loki C2](https://github.com/boku7/Loki/)
|
||||
- [Chromium: Disable loading of unsigned code (CIG)](https://chromium.googlesource.com/chromium/src/+/refs/heads/lkgr/docs/design/sandbox.md#disable-loading-of-unsigned-code-cig)
|
||||
- [Chrome security FAQ: physically local attacks out of scope](https://chromium.googlesource.com/chromium/src/+/HEAD/docs/security/faq.md#why-arent-physically_local-attacks-in-chromes-threat-model)
|
||||
|
||||
- [https://shabarkin.medium.com/unsafe-content-loading-electron-js-76296b6ac028](https://shabarkin.medium.com/unsafe-content-loading-electron-js-76296b6ac028)
|
||||
- [https://medium.com/@renwa/facebook-messenger-desktop-app-arbitrary-file-read-db2374550f6d](https://medium.com/@renwa/facebook-messenger-desktop-app-arbitrary-file-read-db2374550f6d)
|
||||
- [https://speakerdeck.com/masatokinugawa/electron-abusing-the-lack-of-context-isolation-curecon-en?slide=8](https://speakerdeck.com/masatokinugawa/electron-abusing-the-lack-of-context-isolation-curecon-en?slide=8)
|
||||
|
Loading…
x
Reference in New Issue
Block a user