However, the vulnerability has now been fixed by the messaging service's parent company, Facebook.
CSP rules are super important and could have prevented a big part of this mess.
If the CSP rules were well configured, the power gained by this XSS would have been much smaller.
According to Weizman, WhatsApp should not use an older version of Google's Chromium-web client platform to avoid such flaws.
Other browsers such as Safari are still wide open to these vulnerabilities, PerimeterX notes.
The vulnerability was patched by Facebook last year after receiving an alert from Weizman.
The bug was promptly fixed, and the fix has been applied since mid-December.
source: www.techworm.net