CVSS score: 7.5

Electron: Apps may crash when handling fullscreen or pointer-lock requests

GHSA-8337-3p73-46f4 CVE-2026-34771
Summary

Some Electron apps that handle fullscreen, pointer-lock, or keyboard-lock permission requests may crash or become unstable if the user navigates away or closes the window while the request is still being handled. The issue can be avoided by responding to these permission requests immediately, or by denying these types of requests if an immediate response is not possible. Updates are available for affected versions of Electron.

What to do
  • Update electron to version 38.8.6.
  • Update electron to version 39.8.0.
  • Update electron to version 40.7.0.
  • Update electron to version 41.0.0-beta.8.
Affected software

| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| | electron | <= 38.8.6 | 38.8.6 |
| | electron | > 39.0.0-alpha.1, <= 39.8.0 | 39.8.0 |
| | electron | > 40.0.0-alpha.1, <= 40.7.0 | 40.7.0 |
| | electron | > 41.0.0-alpha.1, <= 41.0.0-beta.8 | 41.0.0-beta.8 |

Original title
Electron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permission callbacks
Original description
### Impact
Apps that register an asynchronous `session.setPermissionRequestHandler()` may be vulnerable to a use-after-free when handling fullscreen, pointer-lock, or keyboard-lock permission requests. If the requesting frame navigates or the window closes while the permission handler is pending, invoking the stored callback dereferences freed memory, which may lead to a crash or memory corruption.

Apps that do not set a permission request handler, or whose handler responds synchronously, are not affected.

### Workarounds
Respond to permission requests synchronously, or deny fullscreen, pointer-lock, and keyboard-lock requests if an asynchronous flow is required.
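
One way to apply this workaround in an app that still needs an asynchronous flow for other permission types. This is an added example, not code from the advisory or from Electron; `makePermissionHandler`, `allowTrustedFullscreen` and the origin `https://app.example` are hypothetical names and constructed values.

```javascript
// Added example (not Electron's or the advisory's code).
// These are the permission strings Electron passes for the affected request types.
const SYNC_ONLY = new Set(['fullscreen', 'pointerLock', 'keyboardLock']);
const TRUSTED_ORIGIN = 'https://app.example'; // constructed value

// Hypothetical synchronous policy: fullscreen only for the app's own origin.
function allowTrustedFullscreen(permission, details) {
  if (permission !== 'fullscreen') return false;
  try {
    return new URL(details.requestingUrl).origin === TRUSTED_ORIGIN;
  } catch (_) {
    return false; // missing or malformed URL: deny
  }
}

// Build a handler for session.setPermissionRequestHandler().
// syncPolicy must return a boolean; asyncPolicy may return a Promise<boolean>.
function makePermissionHandler(syncPolicy, asyncPolicy) {
  return function handler(webContents, permission, callback, details) {
    if (SYNC_ONLY.has(permission)) {
      // Answer before returning so no callback stays pending while the
      // frame can navigate or the window can close.
      let allowed = false;
      try {
        // A Promise (async policy passed by mistake) is not === true: denied.
        allowed = syncPolicy(permission, details) === true;
      } catch (_) {
        allowed = false;
      }
      callback(allowed);
      return;
    }
    // Other permission types may still use an asynchronous flow; fail closed.
    Promise.resolve()
      .then(() => asyncPolicy(permission, details))
      .then((ok) => callback(ok === true), () => callback(false));
  };
}

// Wire it up only when running inside Electron's main process.
if (typeof process !== 'undefined' && process.versions && process.versions.electron) {
  const { app, session } = require('electron');
  app.whenReady().then(() => {
    const handler = makePermissionHandler(allowTrustedFullscreen, async () => false);
    session.defaultSession.setPermissionRequestHandler(handler);
  });
}
```

Passing `() => false` as the synchronous policy denies all three request types outright, which matches the second workaround option.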

### Fixed Versions
* `41.0.0-beta.8`
* `40.7.0`
* `39.8.0`
* `38.8.6`

### For more information
If there are any questions or comments about this advisory, please email [[email protected]](mailto:[email protected])
ghsa CVSS3.1 7.5
Vulnerability type
CWE-416 Use After Free
Published: 3 Apr 2026 · Updated: 3 Apr 2026 · First seen: 3 Apr 2026