WeChat PC Client 0day Vulnerability and Recommended Mitigation Steps

WeChat was reported by a domestic security team to have a high‑severity 0day vulnerability in its PC (Windows) client. The flaw can be triggered by sending a specially crafted web link; when the user clicks it, the wechatweb.exe process loads shellcode and executes it entirely in memory, leaving no files or new processes.

The security team detected malicious code in the memory of wechatweb.exe, reported the issue to Tencent's emergency response center, and the vulnerability has since been patched. Users with versions earlier than 3.2.1.141 are strongly advised to update immediately.

The recommended permanent fix is to upgrade the WeChat Windows client to the latest version (3.2.1.143) via Settings → About → Check for Updates. Until the update can be applied, users can adopt temporary measures:

Enable "Use system default browser to open web pages" in Settings → General.

Avoid clicking on files or web links from unknown sources.

Additionally, spreading this information to friends who use the PC client can help reduce the threat.

For further details, the article includes promotional content for a "Top Architect" community, but the core technical information pertains to the vulnerability and its mitigation.