The Indian computer security expert Indrajeet Bhuyan has discovered a serious flaw in the web client of WhatsApp launched two weeks ago, which allows you to manage your chat via a normal browser (currently only Google Chrome is supported).
The researcher has shown that the new web client does not take into account the privacy settings of the image of the profile, which can still be displayed for the contacts that have activated the lock. The second bug discovered by Bhuyan regards the display of images of the chat, which are not darkened even after they have been deleted from the device.
Bhuyan is a real specialist in spotting bugs of WhatsApp. In recent month, he had also found WhatsApp bug which was causing the application to crash on Android devices by sending some messages to users.
Below is a video uploaded on YouTube by Indrajeet Bhuyan that shows how WhastApp Web application allows user to view profile picture of any another user even if the user has kept the profile picture privacy to 'contacts only'.