![]() Playing MP3 files in Windows 11 is possible thanks to these great players. But it being set to false at all means I'd just assume it's false at all times. 2.1 VLC 2.2 AIMP 2.3 MediaMonkey 2.4 winamp 2.5 YouTube Music Desktop App 2.6 Spotify 2.7 kodi 2.8 MusicBee 2.9 Windows media player We explain which are the best applications to play music in MP3 (and other formats) on your Windows 11 PC. I'm not sure if that means it switches between those modes or what. but there are places where it's set to false also. There are places where it is set to true. Because they're on version 11 they'd have to explicitly set contextisolation to true. so in that regard only, they're not safer than version 11. ![]() th-ch is on version 20 which is still supported but not the newest version, they are a few versions behind the most recent release.ĭoing a quick search shows th-ch sets contextisolation to false. the biggest security change I'm aware of for electron (there could be bigger ones, this is just what I'm familiar with) was in version 12 ytmdesktop is on version 11 which isn't supported anymore. That being said, and this is coming from someone that does basically zero javascript/electron development. but that alone would mean there are more chromium vulnerabilities in ytmdesktop compared to th-ch. th-ch is using a much newer electron version which doesn't inherently mean it's safer. I'm not going to read through all the code on both projects but just looking at the version of electron used on each. I don't understand why you only called it out for the th-ch app. Seems like all the arguments are not saying the framework itself is inherently insecure, just that it allows for more of a blast radius in case the application developer using electron does not follow typical security practices and does not stay up to date.īoth th-ch's youtube music app and ytmdesktop use electron. Similar argument can be made for users running outdated Chrome for example. So the framework itself is not inherently insecure, but it allows app develops to potentially create above note.Ī different look at it, highlighting that Chromium exploits may be exploitable as Electron release pacing is not in cadence with it. This is heavily guarded / gated by the Electron permissioning / sandbox model. Talks about how frontend vulnerabilities can now be exploited on desktop as Electron is a desktop wrapper around V8 ultimately.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |