After joining a group chat, a user could edit specific message parameters using the WhatsApp web interface and a browser debugging tool. Then they could create an “unstoppable crash-loop for all group chat members” which could only be fixed by uninstalling and reinstalling the app. The exploit would prevent members from returning to the group and and also lose all history of the chat.
This follows another WhatsApp vulnerability discovered by Check Point last year. The FakesApp vulnerability, as it is known, allowed people to manipulate messages in group chats to make it appear as if other users had said things they had not. This worked by manipulating the parameters used by the WhatsApp web interface to fake the apparent sender of a message.
After finding the latest defect, Check Point disclosed the problem to WhatsApp in August as part of a bug bounty program. WhatsApp patched the issue in September with version 2.19.58, so take this as a reminder to keep your apps up to date.