Join us

FAUN.dev is where engineers from GitHub, Netflix, and Shopify go to stay ahead β€” fast.

An effortless, straightforward way to keep up with technologies...so you can keep your tabs closed and your mind open!
70,000+ developers already joined ⭐⭐⭐⭐⭐
Trusted by developers at
Google β€’ Microsoft β€’ AWS β€’ Netflix

Subverting code integrity checks to locally backdoor Signal, 1Password, Slack, and more

@faun ・ Sep 15,2025

Subverting code integrity checks to locally backdoor Signal, 1Password, Slack, and more

A fresh CVE (2025-55305) just put Electron apps in the hot seat. The bug? Chromium-based apps fail to treat V8 heap snapshot files as potential attack vectors. That crack lets unsigned JavaScript slip past code signing and run inside heavyweight targets like Slack, 1Password, and Signal.

The heart of it: heap snapshots aren't flagged as executable, so they dodge integrity checks. And if the app lives in a user-writable path? Congratsβ€”you've got a persistent backdoor.

Let's keep in touch!

Stay updated with my latest posts and news. I share insights, updates, and exclusive content.

By subscribing, you share your email with @faun and accept our Terms & Privacy. Unsubscribe anytime.

Give a Pawfive to this post!

Only registered users can post comments. Please, login or signup.

Share with your friends and followers

Start blogging about your favorite technologies, reach more readers and earn rewards!

Join other developers and claim your FAUN.dev account now!

Publish your first story!

FAUN.dev is where engineers from GitHub, Netflix, and Shopify go to stay ahead β€” fast.

An effortless, straightforward way to keep up with technologies...so you can keep your tabs closed and your mind open!
70,000+ developers already joined ⭐⭐⭐⭐⭐
Trusted by developers at
Google β€’ Microsoft β€’ AWS β€’ Netflix
Avatar

The FAUN

@faun
A worldwide community of developers and DevOps enthusiasts!
Developer Influence
3k

Influence

302k

Total Hits

1

Posts

Join and showcase your work and skills