In an update last week, the developers of Electron – the toolkit used to craft widely used apps from Skype and Slack to Atom – shipped a patch to their January patch, and now, an infosec researcher has explained why. A remote-code execution vulnerability, CVE-2018-1000006, was found in Windows applications developed using Electron that registered custom protocol handlers.
ORIGINAL SOURCE: The Register