The attackers are known to have used a PoC exploit for a fresh vulnerability in Chromium. Let me remind you that two such exploits were published on the network last week, and it is still unknown which of them we are talking about.
It should be said that currently both bugs have been fixed by Microsoft Edge, and only the first bug has been fixed in Chrome.
The fact is that WeChat also uses Chromium to open and preview links so as not to open a separate browser, which means it can be susceptible to both problems. And last week, researchers emphasized that their exploits are not able to escape the sandbox, but they can work with applications that use Chromium as a basis, without the sandbox.
Qingteng Cloud Security said it has already notified WeChat developer Tencent of the issue, and the company has rushed to integrate the latest Chromium security updates into its app.
Let me remind you that I wrote that Chrome frantically fixes 0-day vulnerabilities again.