When WhatsApp switched on end-to-end encryption for its billion-plus users last year, the move heralded a new era for messaging apps, one where foiling virtually all eavesdropping represents the new security standard.
But a pair of new attacks on the web versions of those “secure” messengers shows how just a few lines of insecure code can undermine even the most airtight encryption—particularly when they’re running in your browser.