Impact
A use‑after‑free issue exists in Electron’s WebContents permission callbacks for fullscreen, pointer‑lock, and keyboard‑lock. When an application registers an asynchronous session.setPermissionRequestHandler(), the stored callback may be invoked after the requesting page navigates or the window closes, leading the framework to dereference freed memory. This can cause a crash or memory corruption. The vulnerability is tied to CWE‑364 (Read After Free) and CWE‑416 (Use After Free).
Affected Systems
Electron framework releases older than 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8 are affected when an application registers an asynchronous permission handler that covers the fullscreen, pointer-lock, or keyboard-lock permissions. Applications that do not set such a handler, or that respond synchronously, are not impacted. Any desktop application built with the electron:electron framework that falls within these version ranges and uses async handlers is potentially vulnerable.
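The condition above suggests a defensive pattern for applications that cannot upgrade immediately: answer the three affected permissions synchronously and keep asynchronous decisions for everything else. The following is an added example, not code from Electron or from this advisory; makePermissionHandler, syncPolicy and asyncDecide are hypothetical names, while the permission strings and details.requestingUrl are Electron's.

```javascript
// Added example (not Electron's or the advisory's code). The permission names
// are Electron's; syncPolicy and asyncDecide are hypothetical app callbacks.
const SYNC_ONLY = new Set(['fullscreen', 'pointerLock', 'keyboardLock']);

// Reduce the requesting URL to an origin; unparsable input becomes null.
function originOf(url) {
  try {
    return new URL(url).origin;
  } catch (_) {
    return null;
  }
}

function makePermissionHandler(syncPolicy, asyncDecide) {
  return function handler(webContents, permission, callback, details) {
    const origin = originOf(details && details.requestingUrl);

    if (SYNC_ONLY.has(permission)) {
      // Answer before returning, so the callback is never held across a
      // navigation or window close. A throwing policy denies.
      let allow = false;
      try {
        allow = origin !== null && syncPolicy(permission, origin) === true;
      } catch (_) {
        allow = false;
      }
      callback(allow);
      return;
    }

    // Other permissions may still be decided asynchronously; answer once,
    // and deny if the lookup rejects.
    let answered = false;
    const once = (allowed) => {
      if (answered) return;
      answered = true;
      callback(allowed === true);
    };
    Promise.resolve()
      .then(() => asyncDecide(permission, origin))
      .then(once, () => once(false));
  };
}

// In an Electron main process (assumed wiring):
//   session.defaultSession.setPermissionRequestHandler(
//     makePermissionHandler(myPolicy, myAsyncLookup));
```

This narrows exposure on affected releases; upgrading to a fixed release remains the actual remediation.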
Risk and Exploitability
The CVSS base score of 7.5 indicates high severity, yet the EPSS score is below 1 %, suggesting a low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector requires an application to process permission requests asynchronously; by forcing a navigation or closing a window while a permission request is pending, the stored callback can be invoked on freed memory, leading to crash or corruption. No public exploits have been reported, and the impact is confined to memory corruption or application crash rather than remote code execution.