This is an issue that has been surfaced because of GHSA-5gpx-9976-ggpm, which allows insecure use of shell.openExternal when using middle click.
Impact
The impact on the web app is lower than on the desktop app because the browser handles opening of the URL.
Patches
The issue is patched such that you use the mousedown event.
Workarounds
Users should not open links when the displayed URL does not match something familiar.
References
GHSA-5gpx-9976-ggpm
For more information
If you have any questions or comments about this advisory:
This is an issue that has been surfaced because of GHSA-5gpx-9976-ggpm, which allows insecure use of
shell.openExternalwhen using middle click.Impact
The impact on the web app is lower than on the desktop app because the browser handles opening of the URL.
Patches
The issue is patched such that you use the
mousedownevent.Workarounds
Users should not open links when the displayed URL does not match something familiar.
References
GHSA-5gpx-9976-ggpm
For more information
If you have any questions or comments about this advisory: