Release Notes for v7.3.3

Fixes

• Backported fixe for UAF in extensions (NOCVE). #24420
• Fix: DCHECK failure in value.IsHeapObject() in objectsdebug.cc. (Chromium security issue 1084820). #24564
• Fix: XSS on chrome://histograms/ with a compromised renderer. (Chromium security issue 1073409). #24627
• Fix: heap-use-after-free in content::NavigationRequest::OnWillProcessResponseProcessed. (Chromium security issue 1090543). #24567
• Fix: heap-use-after-free in ui::AXTreeSerializerblink (Chromium security issue 1065122). #24555
• Fix: memcpy-param-overlap in AudioBuffer::copyFromChannel. (Chromium security issue 1081722). #24584
• Fix: remove leaks of post-redirect URL for <script> in the CSP reports and stacktraces of errors (Chromium security issue 1074317). #24558
• Fix: update webrtc root certificate. (Chromium security issue 978779). #24619
• Fix: use-of-uninitialized-value in amr_read_header. (Chromium security issue 1065731). #24596
• Fix: usrsctp is called with pointer as network address. (Chromium security issue 1076703). #24561

Other Changes

• Backported the fix to CVE-2020-6532: Use after free in SCTP. #24894
• Security: Backported fix for CVE-2020-6541. #25026

End of Support for 7.x.y

Electron 7.x.y has reached end-of-support as per the project's support policy. Developers and applications are encouraged to upgrade to a newer version of Electron.