
CVE-2018-15685 – Electron WebPreferences Remote Code Execution - lvh
https://www.contrastsecurity.com/security-influencers/cve-2018-15685
======
lvh
This is related to the recent disclosure about how open redirects in Google
Chat can lead to RCE [0]. The bugs are related to security features not being
correctly inherited across child windows (e.g. iframes).

[0]: [https://blog.bentkowski.info/2018/07/vulnerability-in-
hangou...](https://blog.bentkowski.info/2018/07/vulnerability-in-hangouts-
chat-aka-how.html)

