Km/fido2 client windows #17533

quexten · 2025-11-21T01:46:35Z

🎟️ Tracking

📔 Objective

📸 Screenshots

⏰ Reminders before review

Contributor guidelines followed
All formatters and local linters executed and passed
Written new unit and / or integration tests where applicable
Protected functional changes with optionality (feature flags)
Used internationalization (i18n) for all UI strings
CI builds passed
Communicated to DevOps any deployment requirements
Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

👍 (:+1:) or similar for great changes
📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
❓ (:question:) for questions
🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
🎨 (:art:) for suggestions / improvements
❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
⛏ (:pick:) for minor or nitpick changes

sonarqubecloud · 2025-11-21T02:07:23Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

github-actions · 2025-11-21T02:13:40Z

Checkmarx One – Scan Summary & Details – 61a1746d-4380-4422-9460-83cc5621e1a7

New Issues (21)

Checkmarx found the following issues in this Pull Request

Issue	Source File / Package	Checkmarx Insight
CVE-2025-11205	Npm-electron-37.7.0	details Recommended version: 39.2.0 Description: Heap Buffer Overflow in WebGPU in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who had compromised the renderer process to potent... Attack Vector: NETWORK Attack Complexity: LOW `ID: nZB3%2BIKb7Zg21bLPMgwdiV90kARNwP0Zn1m0GumbrTI%3D` Vulnerable Package
CVE-2025-11206	Npm-electron-37.7.0	details Recommended version: 39.2.0 Description: Heap Buffer Overflow in Video in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform a sandbox escape via a craft... Attack Vector: NETWORK Attack Complexity: LOW `ID: E3kP0NKULPPZOZV6xPkBCppcu0GFLfY32hhtTaYekTs%3D` Vulnerable Package
CVE-2025-11209	Npm-electron-37.7.0	details Recommended version: 39.2.0 Description: Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker to spoof the contents of the O... Attack Vector: NETWORK Attack Complexity: LOW `ID: vszt%2BRbLW0QqDwgK7RAwkwruryT2jNELegNR%2F%2FuHOT8%3D` Vulnerable Package
CVE-2025-12727	Npm-electron-37.7.0	details Recommended version: 39.2.0 Description: Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a ... Attack Vector: NETWORK Attack Complexity: LOW `ID: tZtP2%2BIop4xe5KTQi9DKqW%2F4QpVUK0PvTFv6QgGy1%2Bk%3D` Vulnerable Package
CVE-2025-12907	Npm-electron-37.7.0	details Recommended version: 39.2.0 Description: Insufficient validation of untrusted input in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to execute arbitrary code ... Attack Vector: NETWORK Attack Complexity: LOW `ID: pLVpJr3rcFw6P17Gxj090tq1qCRsXcm77V3A469ctWY%3D` Vulnerable Package
CVE-2025-13226	Npm-electron-37.7.0	details Recommended version: 39.2.0 Description: Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML pa... Attack Vector: NETWORK Attack Complexity: LOW `ID: %2FYDRCa3CP9wFY7%2Fozsb%2BFu5%2BpWgFCmPjjhTEdgpJXi4%3D` Vulnerable Package
CVE-2025-13227	Npm-electron-37.7.0	details Recommended version: 39.2.0 Description: Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Attack Vector: NETWORK Attack Complexity: LOW `ID: 6eODxB6BmL2b5mGbSPL9bYnjZ1jHcYRvQn%2BbujdrO1g%3D` Vulnerable Package
CVE-2025-64756	Npm-glob-11.0.3	details Recommended version: 11.1.0 Description: Glob matches files using patterns the shell uses. In versions 10.2.0 prior to 10.5.0 and 11.0.0 prior to 11.1.0, the glob CLI contains a command in... Attack Vector: NETWORK Attack Complexity: HIGH `ID: 3wXXVy71Sa0gNN1F5MjWqK5no3rk2CW40SkmGgLRAPQ%3D` Vulnerable Package
CVE-2025-64756	Npm-glob-10.4.5	details Recommended version: 10.5.0 Description: Glob matches files using patterns the shell uses. In versions 10.2.0 prior to 10.5.0 and 11.0.0 prior to 11.1.0, the glob CLI contains a command in... Attack Vector: NETWORK Attack Complexity: HIGH `ID: Xe2QsFY%2BeC1oJsqDXdGnR14qZmkNZ%2BzisMtWV5e%2FUd0%3D` Vulnerable Package
CVE-2025-11207	Npm-electron-37.7.0	details Recommended version: 39.2.0 Description: Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a... Attack Vector: NETWORK Attack Complexity: LOW `ID: WjB9u2QYReQtbN45F7%2FoXXz9GpJbF5y5xn28I8dIyCE%3D` Vulnerable Package
CVE-2025-11208	Npm-electron-37.7.0	details Recommended version: 39.2.0 Description: Inappropriate implementation in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific ... Attack Vector: NETWORK Attack Complexity: LOW `ID: kfDWhp3FTxjWBU3iwhxrLX%2FVWqeilHA7DzgG5MnbV8E%3D` Vulnerable Package
CVE-2025-11210	Npm-electron-37.7.0	details Recommended version: 39.2.0 Description: Side-channel information leakage in Tab in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specifi... Attack Vector: NETWORK Attack Complexity: LOW `ID: pZLc4WAq1F7kn%2Fr6AHfcM5MZflpuMmeoPPdF8WNvR9o%3D` Vulnerable Package
CVE-2025-11212	Npm-electron-37.7.0	details Recommended version: 39.2.0 Description: Inappropriate implementation in Media in Google Chrome on Windows prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage i... Attack Vector: NETWORK Attack Complexity: LOW `ID: UOAwZ1CcHzVWgQbRM7NKuTxOzrjCP5VNuMz7ncAKh4o%3D` Vulnerable Package
CVE-2025-11213	Npm-electron-37.7.0	details Recommended version: 39.2.0 Description: Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage... Attack Vector: NETWORK Attack Complexity: LOW `ID: 7VXQuDcP%2Fyvm%2BEf4XSigtkrKPsYjVxbQWdOeOOqe3qY%3D` Vulnerable Package
CVE-2025-11215	Npm-electron-37.7.0	details Recommended version: 39.2.0 Description: Off-by-one Error in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform an Out-of-bounds Memory Read via a crafted HTML... Attack Vector: NETWORK Attack Complexity: LOW `ID: XE3q21531YYEka9noXyjZbBBNh84q6%2FHEqxlWCniRU8%3D` Vulnerable Package
CVE-2025-11216	Npm-electron-37.7.0	details Recommended version: 39.2.0 Description: Inappropriate implementation in Storage in Google Chrome on Mac prior to 141.0.7390.54 allowed a remote attacker to perform domain spoofing via a c... Attack Vector: NETWORK Attack Complexity: LOW `ID: qtf07QN%2F8v%2FqLI60KbW8duEsWP5RQy1kZNcjkY%2FEtZ4%3D` Vulnerable Package
CVE-2025-12728	Npm-electron-37.7.0	details Recommended version: 39.2.0 Description: Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engag... Attack Vector: NETWORK Attack Complexity: HIGH `ID: e72Vu4LD1%2FfrXjFcCdyIWeRMlIq9xTFHrQfSUCmuaqo%3D` Vulnerable Package
CVE-2025-12729	Npm-electron-37.7.0	details Recommended version: 39.2.0 Description: Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engag... Attack Vector: NETWORK Attack Complexity: HIGH `ID: XbKEI9r6q3X5Yt4QqqzZM352%2F7AWn%2B%2BEkdReimLY%2BcI%3D` Vulnerable Package
CVE-2025-12905	Npm-electron-37.7.0	details Recommended version: 39.2.0 Description: Inappropriate implementation in Downloads in Google Chrome on Windows prior to 140.0.7339.80 allowed a remote attacker to bypass Mark of the Web vi... Attack Vector: NETWORK Attack Complexity: LOW `ID: ZjObaRsdwrEp6U3Hts42MvKbLKOgZOdUsDz623Fr4B8%3D` Vulnerable Package
CVE-2025-12906	Npm-electron-37.7.0	details Recommended version: 39.2.0 Description: Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted ... Attack Vector: NETWORK Attack Complexity: LOW `ID: KlV%2By9J502eKf%2FcHkbA3oExPpoSBk20kT2ljPXZOOG4%3D` Vulnerable Package
CVE-2025-11219	Npm-electron-37.7.0	details Recommended version: 39.2.0 Description: Use After Free in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform Out-of-bounds Memory Access via a cra... Attack Vector: NETWORK Attack Complexity: HIGH `ID: AuT9kLwaKIWMca%2BL%2B%2B4Gz%2Bq1hPVKLNomIa5UW7I6T3U%3D` Vulnerable Package

quexten added 3 commits November 21, 2025 01:55

tmp

d718623

tmp

de0c67d

Tmp

ff8ebc7

quexten changed the base branch from km/fido2-desktop-plumbing to km/fido2-client November 21, 2025 01:47

Merge branch 'km/fido2-client' into km/fido2-client-windows

2979e44

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Km/fido2 client windows #17533

Km/fido2 client windows #17533

quexten commented Nov 21, 2025

Uh oh!

sonarqubecloud bot commented Nov 21, 2025

Uh oh!

github-actions bot commented Nov 21, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Km/fido2 client windows #17533

Are you sure you want to change the base?

Km/fido2 client windows #17533

Conversation

quexten commented Nov 21, 2025

🎟️ Tracking

📔 Objective

📸 Screenshots

⏰ Reminders before review

🦮 Reviewer guidelines

Uh oh!

sonarqubecloud bot commented Nov 21, 2025

Quality Gate passed

Uh oh!

github-actions bot commented Nov 21, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants