93 points

Badly outdated Chrome with a bunch of critical vulnerabilities.

Don’t forget every Electron app comes with its own Chrome.

43 points

Last time I checked, the version of Electron used by Discord was severely out of date, causing several issues that had been solved months ago upstream. That’s the fault of Discord, not Electron, but there are several issues with Chromium that I have to deal with on every Electron app I use. Compose sequences are still partially broken. I reported it at Chromium but they responded with a video of them testing it on Windows (not with a VM), said they couldn’t reproduce the issue (with a Linux-specific input method?!) and then marked it as unreproducible.

23 points

Wait, you’re telling me that Discord is probably still vulnerable to the Webp RCE vulnerability?

19 points

They use plain text and their biggest shareholder is Tencent (the CCP, let’s be real), are you surprised? It’s literally a data farm for China…

7 points

They probably manually added the patch.

7 points

They updated to a version that included a patch for that exploit; however, it doesn’t matter in the grand scheme of things, because they’re still on 22.x, support for which has already been terminated.

10 points

Problem is, for any somewhat big project (like Discord), updating Electron without something breaking is a nightmarishly complex venture, as Electron doesn’t seem to care about backwards compatibility.

12 points

The error is in picking Electron in the first place. One particular case that I’ve had with several Electron apps is zombie processes. You close the window, but you check the task manager and see 4-5 processes hanging in there, eating resources for no reason.

10 points

And they thought snaps were dumb

5 points

Steam is using CEF v85 (not Electron but still). Should have gone “please be aware to not visit even slightly shady websites until we update it” but instead went “oh you must like security, so we announce that we will drop Windows 7/8 support in half a year (because CEF Microsoft doesn’t support it anymore) so you could play your games more securely”.
