Information from kubell Co., Ltd.
Vulnerability ID:JVN#78335885
Title:Chatwork Desktop Application (Windows) uses a potentially dangerous function
Status:Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
Use of Potentially Dangerous Function(CWE-676)vulnerability exists in the Chatwork desktop application (Windows) provided by kubell Co., Ltd.
By clicking on a link that has been crafted within the application, it is possible to display an arbitrary external site, and this may result in the downloading and execution of arbitrary files on the device.
The issue has been addressed in version 2.9.2, released on September 12, 2024.
The software is automatically updated when the application is launched. (If not, please download and use the latest version.)
https://go.chatwork.com/en/download/