Security News > 2022 > March > WhatsApp emits extension to detect tampering with desktop web apps

WhatsApp emits extension to detect tampering with desktop web apps
2022-03-10 21:04

WhatsApp and Cloudflare have teamed up to provide desktop users of WhatsApp's web client with a browser extension called Code Verify that checks the integrity of the software running in their browser.

The Meta-owned biz would like to add more security to its web client, because web security differs from native app security and WhatsApp is seeing more web usage.

Where subsource integrity checks individual files against a cryptographic hash, Code Verify looks at all the JavaScript code on the WhatsApp web page.

"When users run WhatsApp in their browser, the WhatsApp Code Verify extension compares a hash of that code that is executing in their browser with the hash that Cloudflare has - enabling them to easily see whether the code that is executing is the code that should be."

WhatsApp's integrity checking extension could make users of WhatsApp and other services that implement Code Verity less inclined to install extensions that alter social network functions and pose potential security concerns by raising alerts.

"It also does not read or access the messages you send or receive. In fact, neither WhatsApp nor Meta will know whether someone has downloaded the Code Verify extension. Additionally, the Code Verify extension never sends messages or chats between WhatsApp users to Cloudflare."


News URL

https://go.theregister.com/feed/www.theregister.com/2022/03/10/whatsapp_cloudflare_code/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Whatsapp 5 1 23 13 2 39