The flaws reside in WhatsApp Web, a browser version of the world’s most popular messaging application that also powers its Electron-based cross-platform apps for desktop operating systems. When viewed through the vulnerable desktop application, the malicious code runs on the recipients’ systems in the context of the vulnerable application. The open-redirect flaw could have had also been used to manipulate URL banners, a preview of the domain WhatsApp displays to the recipients when they receive a message containing links, and trick users into falling for phishing attacks.
Source: https://thehackernews.com/2020/02/hack-whatsapp-web.html