A group of security researchers found a series of vulnerabilities in the software underlying popular apps like Discord, Microsoft Teams, Slack and many others, which are used by tens of millions of people all over the world.
Aaditya Purani, one of the researchers who found these vulnerabilities, said that “regular users should know that the Electron apps are not the same as their day-to-day browsers,” meaning they are potentially more vulnerable.
The researchers reported the vulnerabilities to Electron to find a fix that earned them more than $10,000 in rewards. Reports state that the bugs were fixed before the researchers published their research.
In apps like Discord, the bug Purani and his mates found only required them to send a malicious link to a video. In Microsoft Teams, the bug they found could be exploited by inviting a victim to a meeting.
In both cases, if the targets clicked on these links, an attacker would have been able to take control of their computers.
Solution suggested by the researcher, is to use apps like Discord or Spotify inside your browser, because then you have the protection afforded by Chrome, which is much larger than the one provided by Electron, and you have control whether it’s up to date or not.