The following issues were found

shell/browser/relauncher_linux.cc
1 issue
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 59 Column: 39 CWE codes: 362

                                const StringVector& argv) {
  // Redirect the stdout of child process to /dev/null, otherwise after
  // relaunch the child process will raise exception when writing to stdout.
  base::ScopedFD devnull(HANDLE_EINTR(open("/dev/null", O_WRONLY)));

  base::LaunchOptions options;
  options.allow_new_privs = true;
  options.new_process_group = true;  // detach
  options.fds_to_remap.emplace_back(devnull.get(), STDERR_FILENO);

            

Reported by FlawFinder.

shell/browser/relauncher_mac.cc
1 issue
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 83 Column: 39 CWE codes: 362

                                const StringVector& argv) {
  // Redirect the stdout of child process to /dev/null, otherwise after
  // relaunch the child process will raise exception when writing to stdout.
  base::ScopedFD devnull(HANDLE_EINTR(open("/dev/null", O_WRONLY)));

  base::LaunchOptions options;
  options.new_process_group = true;  // detach
  options.fds_to_remap.push_back(std::make_pair(devnull.get(), STDERR_FILENO));
  options.fds_to_remap.push_back(std::make_pair(devnull.get(), STDOUT_FILENO));

            

Reported by FlawFinder.

shell/browser/ui/devtools_ui.cc
1 issue
StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 26 Column: 21 CWE codes: 120

namespace {

std::string PathWithoutParams(const std::string& path) {
  return GURL(base::StrCat({content::kChromeDevToolsScheme,
                            url::kStandardSchemeSeparator,
                            chrome::kChromeUIDevToolsHost}))
      .Resolve(path)
      .path()
      .substr(1);

            

Reported by FlawFinder.

shell/browser/ui/message_box_gtk.cc
1 issue
fprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 263 Column: 5 CWE codes: 134
Suggestion: Use a constant for the format specification

              
    GtkMessageBox(settings).RunSynchronous();
  } else {
    fprintf(stderr,
            ANSI_TEXT_BOLD ANSI_BACKGROUND_GRAY ANSI_FOREGROUND_RED
            "%s\n" ANSI_FOREGROUND_BLACK "%s" ANSI_RESET "\n",
            base::UTF16ToUTF8(title).c_str(),
            base::UTF16ToUTF8(content).c_str());
  }

            

Reported by FlawFinder.

shell/browser/win/scoped_hstring.cc
1 issue
wcslen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 34 Column: 31 CWE codes: 126

              
void ScopedHString::Reset(const wchar_t* source) {
  Reset();
  WindowsCreateString(source, wcslen(source), &str_);
}

void ScopedHString::Reset(const std::wstring& source) {
  Reset();
  WindowsCreateString(source.c_str(), source.length(), &str_);

            

Reported by FlawFinder.

shell/common/api/electron_bindings.cc
1 issue
Null pointer dereference: zero
Error

Line: 126 CWE codes: 476

// static
void ElectronBindings::Crash() {
  volatile int* zero = nullptr;
  *zero = 0;
}

// static
void ElectronBindings::Hang() {
  for (;;)

            

Reported by Cppcheck.

shell/common/application_info_win.cc
1 issue
wchar_t - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 100 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                  }

    UINT32 length = PACKAGE_FAMILY_NAME_MAX_LENGTH;
    wchar_t packageFamilyName[PACKAGE_FAMILY_NAME_MAX_LENGTH];
    HANDLE proc = GetCurrentProcess();
    LONG result =
        (*get_package_family_namePtr)(proc, &length, packageFamilyName);

    return result == ERROR_SUCCESS;

            

Reported by FlawFinder.

shell/common/asar/archive.cc
1 issue
realpath - This function does not protect against buffer overflows, and some implementations can overflow internally
Security

Line: 266 Column: 40 CWE codes: 120/785!
Suggestion: Ensure that the destination buffer is at least of size MAXPATHLEN, and to protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN

}

bool Archive::Realpath(const base::FilePath& path,
                       base::FilePath* realpath) const {
  if (!header_)
    return false;

  const base::DictionaryValue* node;
  if (!GetNodeFromPath(path.AsUTF8Unsafe(), header_.get(), &node))

            

Reported by FlawFinder.

shell/common/asar/archive.h
1 issue
realpath - This function does not protect against buffer overflows, and some implementations can overflow internally
Security

Line: 60 Column: 61 CWE codes: 120/785!
Suggestion: Ensure that the destination buffer is at least of size MAXPATHLEN, and to protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN

                             std::vector<base::FilePath>* files) const;

  // Fs.realpath(path).
  bool Realpath(const base::FilePath& path, base::FilePath* realpath) const;

  // Copy the file into a temporary file, and return the new path.
  // For unpacked file, this method will return its real path.
  bool CopyFileOut(const base::FilePath& path, base::FilePath* out);


            

Reported by FlawFinder.

shell/common/node_bindings.cc
1 issue
Null pointer dereference: zero
Error

Line: 151 CWE codes: 476

#endif

  volatile int* zero = nullptr;
  *zero = 0;
}

bool AllowWasmCodeGenerationCallback(v8::Local<v8::Context> context,
                                     v8::Local<v8::String>) {
  // If we're running with contextIsolation enabled in the renderer process,

            

Reported by Cppcheck.