- cross-posted to:
- technology@lemmy.world
- security@lemmy.ml
- cross-posted to:
- technology@lemmy.world
- security@lemmy.ml
Chrome was updated September 11
Matrix Element Desktop updated September 15, without a changelog or advisory. (The Element update on September 13 did not include the updated electron with the fix; today’s update does, according to their announcement on Matrix.)
Many/most electron apps don’t receive timely security updates, so if you don’t want arbitrary images to be able to get code execution you might want to stop using them.
Electron apps are such a joke, honestly.
On ArchLinux, many Electron apps use a central installation of Electron that is kept up to date by the package manager. That works pretty well.
Of course, snap-based distributions like Ubuntu and other systems without a proper package manager like macOS and Windows can’t do it like that.
That’s pretty cool. I’m wondering how often this leads to compatibility problems.
Still, nothing comes close to a native UI experience.
Still, nothing comes close to a native UI experience.
That’s not really well defined on Linux. It feels like every application comes with its own toolkit and its own behavior. Even on Windows, there is a mixture of three different generations of Windows UI systems (Windows XP-style, Windows 8-style, Fluent) that are completely different.
More reason I wish devs would stop using Electron and stick to PWAs. Then you only have to update a single browser.
And Firefox and Thunderbird as well. Updates for everything are available.
I keep hearing “exploited in the wild”, but does anyone have anything concrete on it — like, IoCs, PoC, victims … anything?