CVE-2022-36077: 
JavaScript vulnerability analysis and mitigation

The Electron framework, which enables writing cross-platform desktop applications using JavaScript, HTML, and CSS, was found to contain a sensitive information exposure vulnerability (CVE-2022-36077). The vulnerability was discovered in versions prior to 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7. When following a redirect, Electron delayed a check for redirecting to file:// URLs from other schemes, potentially exposing sensitive information (GitHub Advisory, Debian Tracker).

The vulnerability stems from a delayed security check when handling redirects to file:// URLs from other schemes. While the contents of the file remain inaccessible to the renderer following the redirect, the security risk arises specifically on Windows systems. When the redirect target is an SMB URL (e.g., file://some.website.com/), Windows may attempt NTLM authentication, potentially exposing hashed credentials. The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (Moderate), with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L (GitHub Advisory).

The primary impact of this vulnerability is the potential exposure of hashed SMB credentials on Windows systems. When exploited, the vulnerability could lead to the transmission of hashed credentials during NTLM authentication attempts to malicious SMB servers (GitHub Advisory).

The vulnerability has been patched in Electron versions 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7. For users unable to upgrade, a workaround is available by implementing a check in the WebContents.on('will-redirect') event to prevent redirects to file:// URLs. This can be done by adding an event listener that prevents such redirects for all WebContents (GitHub Advisory, Debian Tracker).