HIGH 8.1

GHSA-532v-xpq5-8h95

Electron: Use-after-free in offscreen child window paint callback

Details

### Impact Apps that use offscreen rendering and allow child windows via `window.open()` may be vulnerable to a use-after-free. If the parent offscreen `WebContents` is destroyed while a child window remains open, subsequent paint frames on the child dereference freed memory, which may lead to a crash or memory corruption.

Apps are only affected if they use offscreen rendering (`webPreferences.offscreen: true`) and their `setWindowOpenHandler` permits child windows. Apps that do not use offscreen rendering, or that deny child windows, are not affected.

### Workarounds Deny child window creation from offscreen renderers in your `setWindowOpenHandler`, or ensure child windows are closed before the parent is destroyed.

### Fixed Versions * `41.0.0` * `40.7.0` * `39.8.1`

### For more information If there are any questions or comments about this advisory, please email [security@electronjs.org](mailto:security@electronjs.org)

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / electron

Introduced in: 0 Fixed in: 39.8.1

Fix npm install electron@39.8.1

npm / electron

Introduced in: 40.0.0-alpha.1 Fixed in: 40.7.0

Fix npm install electron@40.7.0

npm / electron

Introduced in: 41.0.0-alpha.1 Fixed in: 41.0.0

Fix npm install electron@41.0.0

References

https://github.com/electron/electron/security/advisories/GHSA-532v-xpq5-8h95 [WEB]
https://nvd.nist.gov/vuln/detail/CVE-2026-34774 [ADVISORY]
https://github.com/electron/electron [PACKAGE]