We achieved full RCE on Element Desktop by chaining iframe injection, Electron misconfigs, and a V8 exploit to bypass sandboxing and access Node.js APIs from a subframe.
How a chain of XSS, CSP bypass, and Electron misconfigs led to full remote code execution on Discord Desktop. We walk through the technical details, steps, and lessons learned.
How we achieved remote code execution in Visual Studio Code's Restricted Mode by chaining origin leaks, CSP bypasses, and webview message handler flaws.
