If you find any process with **electron, cef or chromium debugger running** and listening to a port you should try to make the **debugger execute arbitrary commands**.
Abusing this behaviour you **could be able to escalate privileges**.
The abuse of this vulnerability remotely could be as easy as injecting via XSS this line of JS:
But obviously the exploitation will be **much easier locally**, as you can use a tool such as: [**https://github.com/taviso/cefdebug**](https://github.com/taviso/cefdebug)\*\*\*\*
List of resources to pwn electorn apps: [https://github.com/doyensec/awesome-electronjs-hacking](https://github.com/doyensec/awesome-electronjs-hacking)