CVE-2026-34774
HIGH8.1EPSS 0.02%Electron: Use-after-free in offscreen child window paint callback
Description
### Impact Apps that use offscreen rendering and allow child windows via `window.open()` may be vulnerable to a use-after-free. If the parent offscreen `WebContents` is destroyed while a child window remains open, subsequent paint frames on the child dereference freed memory, which may lead to a crash or memory corruption. Apps are only affected if they use offscreen rendering (`webPreferences.offscreen: true`) and their `setWindowOpenHandler` permits child windows. Apps that do not use offscreen rendering, or that deny child windows, are not affected. ### Workarounds Deny child window creation from offscreen renderers in your `setWindowOpenHandler`, or ensure child windows are closed before the parent is destroyed. ### Fixed Versions * `41.0.0` * `40.7.0` * `39.8.1` ### For more information If there are any questions or comments about this advisory, please email [[email protected]](mailto:[email protected])
Affected packages (1)
- npm/electronfrom 0, < 39.8.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |