Whatsapp, Slack, Skype and apps based on popular Electron framework vulnerable to backdoor attacks

Originally published at: https://boingboing.net/2019/08/08/pavel-tsakalidis.html

You are grossly overstating the positive qualities of Electron apps (more commonly referred to in the wild as “Electron garbage”). It’s a stupendously bloated way to bundle up a basic-ass web app with an entire private copy of the Chrome browser, except without Chrome’s update schedule, and with a bunch of holes kicked in its security model.


It’s not that I don’t understand the appeal; there are some UIs I enjoy developing in HTML/CSS more than a native widget toolkit (Tables are not one of those though… on reflection there’s probably a library that only generates DOM for the visible cells, but in the past I’ve had no luck with large tables…), and being able to do so while still having access to the local computer’s resources and full control over the browser version without the overhead of HTTP is interesting… but even without considering this new problem the size of the installer has always put me off.
Edit: Really should have thought of googling “virtual html table” before now.

This topic was automatically closed after 5 days. New replies are no longer allowed.