VYPR
Moderate severity · NVD Advisory · Published Sep 6, 2023 · Updated Sep 26, 2024

Context isolation bypass via nested unserializable return value in Electron

CVE-2023-29198

Description

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using contextIsolation and contextBridge are affected. This is a context isolation bypass: code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. The issue is only exploitable if an API exposed to the main world via contextBridge can return an object or array that contains a JavaScript object which cannot be serialized, for instance a canvas rendering context. Such a return value would normally result in the exception "Error: object could not be cloned" being thrown. The app-side workaround is to ensure that such a case is not possible: ensure all values returned from a function exposed over the context bridge are supported by the bridge. This issue has been fixed in versions 25.0.0-alpha.2, 24.0.1, 23.2.3, and 22.3.6.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Electron context isolation bypass via contextBridge: an exposed API whose return value nests an object that cannot be serialized, or whose serialization throws, lets main-world renderer code reach into the isolated world and its privileged APIs.

Root Cause

Electron's contextIsolation feature separates the renderer's "main world" from the preload script's "isolated world", and contextBridge is the sanctioned channel between them: values crossing the bridge are copied by serialization rather than shared by reference. When a function exposed via contextBridge returns an object or array that nests a value the bridge cannot clone (for example, a canvas rendering context), or a value whose serialization runs user-controlled code that throws (for example, a dynamic getter), the expected "object could not be cloned" exception is not raised and a reference to the object instead leaks into the main world [1][4]. That reference crosses the isolation boundary, giving renderer code access to objects that should exist only in the isolated world.

Exploitation

An attacker who can execute arbitrary JavaScript in the renderer's main world (e.g., via a cross-site scripting vulnerability) can exploit this by calling an exposed API that returns such a problematic value. The attacker does not require authentication beyond the existing renderer access. No special network position is needed; the attack occurs entirely within the Electron application's process [1].

Impact

Successful exploitation lets code running in the main world reach into the isolated Electron context and perform privileged actions. What is reachable depends on what the preload script holds in scope; where that includes Node.js APIs or filesystem access, the bypass can escalate to code execution with the application's privileges and from there to full system compromise [4].

Mitigation

Electron has released patches in versions 25.0.0-alpha.2, 24.0.1, 23.2.3, and 22.3.6 [1]; developers on earlier versions should update. As a workaround, ensure that every value returned from a function exposed via contextBridge is serializable, including values nested inside returned objects and arrays, and that no returned object carries a dynamic getter that can throw during serialization [4].
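The app-side workaround from the Description and the Mitigation above, shown as an added JavaScript example that is neither Electron's code nor taken from the advisory: a preload-side wrapper that checks every exposed handler's return value before it can reach contextBridge, and fails closed on the two shapes the advisory names (a nested non-cloneable object, and a getter that throws during serialization). `isPlainData`, `guardApi`, `exposeStub`, `callExposed`, the `FakeCanvasContext` class and the three sample handlers are all constructed for this illustration; in a real preload the exposure call is `contextBridge.exposeInMainWorld`. The check is deliberately stricter than contextBridge's own serializer (it rejects functions and class instances outright, even though the bridge can proxy functions), which is the conservative policy for data-returning APIs.

```javascript
'use strict';

// Added example, not Electron's code and not from the advisory: a preload-side
// guard that refuses to hand a return value to contextBridge unless it is plain,
// serializable data. contextBridge is replaced by a stub (exposeStub) so the
// file runs under plain Node; the API object below is constructed sample data.

// Recursively verify that `value` is built only from primitives, arrays and
// plain objects. Functions, symbols, bigints and class instances (e.g. a
// CanvasRenderingContext2D, the advisory's example) are rejected, as are cycles.
// Property reads go through Reflect.get inside try/catch so a throwing getter is
// caught here, in the preload, instead of during bridge serialization.
// Shared (non-cyclic) references are allowed: only ancestors are tracked.
function isPlainData(value, ancestors = new Set()) {
  if (value === null) return true;
  const t = typeof value;
  if (t === 'string' || t === 'number' || t === 'boolean' || t === 'undefined') return true;
  if (t !== 'object') return false;                 // function, symbol, bigint
  if (ancestors.has(value)) return false;           // cycle: not cloneable
  const proto = Object.getPrototypeOf(value);
  if (!Array.isArray(value) && proto !== Object.prototype && proto !== null) return false;
  ancestors.add(value);
  try {
    for (const key of Reflect.ownKeys(value)) {
      if (typeof key === 'symbol') return false;
      let child;
      try { child = Reflect.get(value, key); } catch { return false; }   // throwing getter
      if (!isPlainData(child, ancestors)) return false;
    }
  } finally {
    ancestors.delete(value);
  }
  return true;
}

// Wrap each function on `api` so its return value is checked before it can reach
// the bridge. Synchronous results are checked in place; a returned Promise is
// checked when it settles (rejecting on failure), so async handlers are covered.
function guardApi(api) {
  const guarded = {};
  for (const [name, fn] of Object.entries(api)) {
    const check = (result) => {
      if (!isPlainData(result)) {
        throw new Error(`${name}: return value is not plain serializable data`);
      }
      return result;
    };
    guarded[name] = (...args) => {
      const result = fn(...args);
      return result && typeof result.then === 'function' ? result.then(check) : check(result);
    };
  }
  return guarded;
}

// Constructed sample standing in for an application's preload handlers.
class FakeCanvasContext { fillRect() {} }   // stands in for CanvasRenderingContext2D

const sampleApi = {
  // plain data: allowed through
  getSettings: () => ({ theme: 'dark', recent: ['a.txt', 'b.txt'], zoom: 1.25 }),
  // nested non-cloneable object, the shape the advisory describes
  getCanvas: () => ({ width: 300, height: 150, ctx: new FakeCanvasContext() }),
  // object whose getter throws during serialization
  getProfile: () => ({ name: 'alice', get token() { throw new Error('getter exploded'); } }),
};

// Stand-in for contextBridge.exposeInMainWorld. In a real preload this would be:
//   const { contextBridge } = require('electron');
//   contextBridge.exposeInMainWorld('app', guardApi(sampleApi));
function exposeStub(name, api) { return { [name]: api }; }

const mainWorld = exposeStub('app', guardApi(sampleApi));

// Call an exposed handler the way main-world code would, and report whether the
// guard let the value through or blocked it.
function callExposed(name) {
  try {
    return { ok: true, value: mainWorld.app[name]() };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

module.exports = { isPlainData, guardApi, callExposed, FakeCanvasContext };
```

The guard lives entirely in the preload, so the main world never sees the offending object: a blocked handler throws a plain Error into the caller instead of handing over a reference. The same check is worth applying to anything the preload returns from ipcRenderer.invoke results before passing them on, since those are also values that cross the bridge.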

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package          Affected versions                     Patched versions
electron (npm)   < 22.3.6                              22.3.6
electron (npm)   >= 23.0.0-alpha.1, < 23.2.3           23.2.3
electron (npm)   >= 24.0.0-alpha.1, < 24.0.1           24.0.1
electron (npm)   >= 25.0.0-alpha.1, < 25.0.0-alpha.2   25.0.0-alpha.2
