From ef3469e987e73bd71d351e67a2dd768a86daffc9 Mon Sep 17 00:00:00 2001 From: Carlos Polop Date: Tue, 7 Jan 2025 19:14:05 +0100 Subject: [PATCH] typo --- .../pentesting-web/electron-desktop-apps/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/network-services-pentesting/pentesting-web/electron-desktop-apps/README.md b/src/network-services-pentesting/pentesting-web/electron-desktop-apps/README.md index 9c71c9999..5f4361c3f 100644 --- a/src/network-services-pentesting/pentesting-web/electron-desktop-apps/README.md +++ b/src/network-services-pentesting/pentesting-web/electron-desktop-apps/README.md @@ -303,7 +303,7 @@ In the case the **regex** used by the function is **vulnerable to bypasses** (fo The Electron Remote module allows **renderer processes to access main process APIs**, facilitating communication within an Electron application. However, enabling this module introduces significant security risks. It expands the application's attack surface, making it more susceptible to vulnerabilities such as cross-site scripting (XSS) attacks. > [!TIP] -> Althoigh the **remote** module exposes some APIs from main to renderer processes, it's not straight forward to get RCE just only abusing the components. However, the components might expose sensitive information. +> Although the **remote** module exposes some APIs from main to renderer processes, it's not straight forward to get RCE just only abusing the components. However, the components might expose sensitive information. > [!WARNING] > Many apps that still use the remote module do it in a way that **require NodeIntegration to be enabled** in the renderer process, which is a **huge security risk**.
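Review bot: the replaced TIP line in the `@@ -303,7 +303,7 @@` hunk still reads "it's not straight forward to get RCE just only abusing the components" after the "Althoigh" fix. Since this commit already touches that line for spelling, consider changing "straight forward" to "straightforward" and dropping one of "just" / "only" in the same change. The unchanged WARNING line that follows has a similar agreement slip ("do it in a way that **require NodeIntegration to be enabled**", where "requires" is meant) and could be folded into this typo commit as well.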