Threat Watch

Discord Patches Remote Code Execution Chain Vulnerability

Recently, Discord has issued a patch for a critical issue in the desktop version of their messaging app. This critical issue left users exposed to remote code execution (RCE) through the HTML iFrame used to preview links or videos shared in Discord.  In a writeup published by bug bounty hunter Masato Kinugawa, a chain of exploits was created that allowed Kinugawa to inject and execute javascript inside the app itself.  After reporting it to Discord, Kinugawa was awarded $5,000 USD for his find.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

As Discord has issued a patch, Binary Defense recommends updating all Discord desktop clients as soon as possible. Additionally, Binary Defense recommends employing a 24/7 SOC monitoring solution, such as Binary Defense’s Security Operations Task Force, in order to catch RCE attempts like this one.
https://www.zdnet.com/article/discord-desktop-app-vulnerable-to-remote-code-execution-bug/

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support