Amajor security flaw in WhatsApp’s desktop app for Windows10 and macOS could give hackers remote access to files stored on your computer by inserting JavaScript into messages.
According to Facebook’s most recent security advisory,the flawaffects WhatsApp’s desktop version 25-07-2025 and earlier. The vulnerability also affects users who paired the desktop app with WhatsApp’s iPhone version before 2.20.10.
Updating the WhatsApp desktop app on your PC will likely guard you against any exploitation.
WhatsApp vulnerability
Gal Weizman at PerimeterX originallydiscoveredthe security flaw in the platform. Back in 2017, he first found multiple issues with the app, including tampering with the metadata of messages, sending malicious URL’s via the platform, and more.
But not long ago, he discovered that he could gain access to local storage merely by injecting JavaScript code into messages.
Apparently, the desktop app of WhatsApp was running an older release of Google’s Chromium web engine, i.e., Chrome 69. Any new version would have easily caught any injection of malicious code.
The root cause of the vulnerability began with Facebook implementing the WhatsApp desktop version using the Electron software framework, which already has a history of multiple security issues, according toArs Technica. For those who don’t know, Electron helps in building cross-platform apps based on web technology.
While WhatsApp offers end-to-end encryption for enhanced security, the platform is only safe when it is updated regularly with the latest security fixes.
