A use-after-free vulnerability affects Electron framework applications that register asynchronous session.setPermissionRequestHandler(). The vulnerability occurs when handling fullscreen, pointer-lock, or keyboard-lock permission requests. If the requesting frame navigates or window closes while the permission handler is pending, invoking the stored callback dereferences freed memory, potentially leading to crash or memory corruption. Applications without permission request handlers or those with synchronous handlers are not affected. The issue has been patched in versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8.