A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron and escalation of privilege if combined with a remote code execution vulnerability inside the sandboxed renderer process.
Tag: WhatsApp Desktop
ASA-2020-00043 – WhatsApp Desktop: Cross-Site Scripting (XSS) through a specially crafted live location message
An input validation issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed Cross-Site Scripting (XSS) upon clicking on a link from a specially crafted live location message.
ASA-2019-00429 – WhatsApp Desktop: An input validation issue allows malicious clients to send files with a wrong extension
An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows malicious clients to send files to users that would be displayed with a wrong extension.