Vulnerabilities
**[12-Aug-2022]** Chromium CVE-2022-2162
We are aware of this vulnerability, which is caused by insufficient policy enforcement in the File System API of Google Chrome on Windows prior to 103.0.5060.53 and allows a remote attacker to bypass file system access via a crafted HTML page. Hackolade uses Electron, the open-source software framework developed and maintained by GitHub. Electron combines the Chromium rendering engine and the Node.js runtime.
While Electron comes with Chromium built in, it is not used as a regular browser: the app does not load random or potentially malicious HTML/JS from the internet, only static predefined content.
Nevertheless, and as a precautionary measure, Hackolade Studio’s version 6.4.0 has been upgraded to a version of Electron that includes a backported fix to patch this vulnerability. Users of Hackolade Studio are encouraged to upgrade to the latest version of Hackolade Studio, currently v6.4.0 or higher.
**[08-Apr-22]** Chromium CVE-2022-1096 vulnerability
We are aware of this vulnerability, which is caused by type confusion in V8. Hackolade uses Electron, the open-source software framework developed and maintained by GitHub. Electron combines the Chromium rendering engine and the Node.js runtime. Chromium uses V8, Google's open-source JavaScript engine.
The technical details for this vulnerability are unknown and an exploit is not publicly available. While Electron comes with Chromium built in, it is not used as a regular browser: the app does not load random or potentially malicious HTML/JS from the internet, only static predefined content.
Nevertheless, and as a precautionary measure, Hackolade Studio’s current version 6 as well as the previous major version 5 have both been upgraded to a version of Electron that includes a version of Chromium that officially patches this vulnerability. Users of Hackolade Studio are encouraged to upgrade to the latest version of Hackolade Studio, currently v6.0.4 or higher, or v5.4.12 or higher.
**[13-Dec-21]** Log4j CVE-2021-44228 vulnerability
We are aware of this vulnerability report. But Hackolade does NOT use Java. The application is written in JavaScript. This vulnerability does not affect us.
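The fixed releases named in the two Chromium entries above differ per major branch, so a single "at least 5.4.12" comparison would wrongly pass a 6.0.x install. The following check is an added example, not Hackolade's own code; the host names and inventory are constructed, and flagging a branch for which the page names no fix is an assumption of this example.

```javascript
// Fixed releases as named in the advisories on this page, keyed by major branch.
const ADVISORIES = [
  { cve: "CVE-2022-2162", fixedIn: { 6: "6.4.0" } }, // page names no 5.x fix
  { cve: "CVE-2022-1096", fixedIn: { 6: "6.0.4", 5: "5.4.12" } },
];

// Parse "v6.0.4" or "6.0.4" into [6, 0, 4]; anything else is rejected.
function parseVersion(text) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(text).trim());
  if (!m) throw new Error(`unrecognized version: ${text}`);
  return m.slice(1).map(Number);
}

// Numeric comparison per component; a string compare would rank 5.4.9 above 5.4.12.
function isOlder(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i];
  }
  return false;
}

// CVEs for which `installed` is below the release this page names as patched.
// A branch with no named fix counts as patched only if it is newer than every
// named branch ("or higher"); otherwise it is flagged (assumption of this example).
function needsUpgradeFor(installed) {
  const major = parseVersion(installed)[0];
  return ADVISORIES.filter(({ fixedIn }) => {
    if (fixedIn[major]) return isOlder(installed, fixedIn[major]);
    return major < Math.max(...Object.keys(fixedIn).map(Number));
  }).map(({ cve }) => cve);
}

// Constructed inventory (hypothetical host names), not data from the page.
const inventory = [
  { host: "ws-01", version: "6.4.1" },
  { host: "ws-02", version: "v6.0.2" },
  { host: "ws-03", version: "5.4.12" },
  { host: "ws-04", version: "5.4.9" },
];

function auditInventory(items) {
  return items
    .map(({ host, version }) => ({ host, version, cves: needsUpgradeFor(version) }))
    .filter((row) => row.cves.length > 0);
}

for (const row of auditInventory(inventory)) {
  console.log(`${row.host} ${row.version}: upgrade for ${row.cves.join(", ")}`);
}
```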