According to the National Vulnerability Database, the vulnerability (CVE-2019-1842) “when paired with WhatsApp for iPhone versions prior to 2.20.10, allows cross-site scripting and local file reading.” In essence, it allows cyber-criminals to execute phishing or ransomware campaigns through notification messages that appear normal at first sight.
WhatsApp’s desktop applications, which need to be paired with the Android or iOS version of the app to work, are built using web-browser technology with the Electron framework. As it turns out, WhatsApp developers were using an old, out-of-date version of Chromium (version 69), which was already known to have these vulnerabilities. The standard practice is to always update the code with the latest version of Chromium while using Electron, as per Weizman.
WhatsApp’s desktop apps have more than 1.5 billion users globally, and it isn’t immediately clear as to how many of them are affected by the issue. Facebook has already updated the software with the requisite patches, so the latest version should be free from the problem.
As mentioned already, WhatsApp Desktop v0.3.9309 and earlier versions are affected by the vulnerability, so you should update to the latest version as soon as possible. You can also learn more about the issue from Weizman’s report on the official PerimeterX blog.
Source: National Vulnerability Database