DEV Community

Discussion on: A science fiction terminal emulator 🚀

 
Ricardo Rivera • Edited

OK, I think every piece of software should run in something like a sandbox. But the edge of the sandbox does not have to be your computer. In an enterprise environment, you can easily deploy an Electron application safely. Even without security professionals / community.

Yes, the Electron exploits are easy to use.
I think it will be irrelevant to use Electron in the future.
Electron has the same fate as Crosswalk and gets killed by the Chrome browser.

Until then, try to live as stable with Electron as possible. I'm not sure which role Microsoft is playing here, but they also have an interest in Electron. (VSCode, Microsoft Teams, etc.)

But I think the problem is the WebApp.
If Telegram supports an XSS in Electron why not in Safari or Chrome?

You have to trust a vendor, not only the technology.

Ondrej

As you pointed out in another thread, this discussion would be good to transfer somewhere else on this forum (maybe a security meta-topic)? I'll try to answer you as comprehensively as I can tomorrow, because I have some job to do. Btw I do offensive security on a regular basis, so I think I understand the issue of (not-only) Electron in different contexts. I do not want to argue with you about usability. Web will simply defeat native apps (mainly) because of the pain with creating native UI libraries for each ecosystem and so on... but I still do think that in common context Electron is very insecure by itself.