Experimental Features Enabled
Description
Experimental features are not expected to be in production-ready applications. They can introduce security vulnerabilities and should be disabled in production environments.
Examples
Insecure Code
```javascript
new BrowserWindow({webPreferences: {experimentalFeatures: true}})
```
Secure Code
```javascript
new BrowserWindow({webPreferences: {experimentalFeatures: false}})
```
Remediation
Disable experimental features by setting webPreferences.experimentalFeatures to false.
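A check for this setting can also run in CI. The following is an added example, not this rule's own implementation: a small Node.js scan that reports where `experimentalFeatures` is enabled or set from a non-literal value. The function names, the constructed sample input, and the `prefs` and `LABS` identifiers in it are hypothetical.

```javascript
// Added example: regex-based CI tripwire for the setting this rule flags.
// It is not an AST linter; shorthand properties and spread objects are not seen.

// Blank out comments but keep newlines so reported line numbers stay correct.
// Limitation: a "//" inside a string literal is treated as a comment start.
function stripComments(source) {
  return source
    .replace(/\/\*[\s\S]*?\*\//g, (c) => c.replace(/[^\n]/g, ' '))
    .replace(/\/\/[^\n]*/g, '');
}

const OFF = new Set(['false', '!1', '0']); // literals that disable the feature
const ON = new Set(['true', '!0', '1']);   // literals that enable it (incl. minified)

// Returns [{line, value, status}] for every place experimentalFeatures is set
// to something other than an "off" literal.
function findExperimentalFeatures(source) {
  const clean = stripComments(source);
  // Key may be bare or quoted; ":" for object literals, single "=" for assignment.
  const re = /["']?\bexperimentalFeatures\b["']?\s*(?::|=(?!=))\s*([^,;}\n]+)/g;
  const findings = [];
  let m;
  while ((m = re.exec(clean)) !== null) {
    const value = m[1].trim();
    if (OFF.has(value)) continue;
    const line = clean.slice(0, m.index).split('\n').length;
    // Non-literal values cannot be decided statically: mark for manual review.
    findings.push({ line, value, status: ON.has(value) ? 'enabled' : 'review' });
  }
  return findings;
}

// Constructed sample input (not from a real project).
const SAMPLE = [
  "const { BrowserWindow } = require('electron');",
  "// experimentalFeatures: true  (old setting, commented out)",
  "new BrowserWindow({webPreferences: {experimentalFeatures: true}});",
  "new BrowserWindow({webPreferences: {experimentalFeatures: false}});",
  "new BrowserWindow({webPreferences: {'experimentalFeatures': !0}});",
  "prefs.experimentalFeatures = process.env.LABS === '1';",
].join('\n');

for (const f of findExperimentalFeatures(SAMPLE)) {
  console.log(`line ${f.line}: experimentalFeatures = ${f.value} [${f.status}]`);
}
```

Findings with status `review` are values that depend on runtime input, such as an environment variable, and need a manual decision about whether production builds can ever enable the flag.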
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0371 |
| Category | InsecureConfig |
| Severity | CRITICAL |
| CWE | CWE-272 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | security-misconfiguration, least-privilege-violation |
| OWASP | A6:2017-Security Misconfiguration, A05:2021-Security Misconfiguration |