Search criteria
51 vulnerabilities found for whale by navercorp
FKIE_CVE-2025-62585
Vulnerability from fkie_nvd - Published: 2025-10-16 07:15 - Updated: 2025-10-21 13:13
Severity ?
Summary
Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment.
References
| URL | Tags | ||
|---|---|---|---|
| cve@navercorp.com | https://cve.naver.com/detail/cve-2025-62585.html | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:navercorp:whale:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58B46536-56DC-45CD-9F7C-4A0FC1875500",
"versionEndExcluding": "4.33.325.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment."
}
],
"id": "CVE-2025-62585",
"lastModified": "2025-10-21T13:13:19.683",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-10-16T07:15:33.963",
"references": [
{
"source": "cve@navercorp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cve.naver.com/detail/cve-2025-62585.html"
}
],
"sourceIdentifier": "cve@navercorp.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-358"
}
],
"source": "cve@navercorp.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-62584
Vulnerability from fkie_nvd - Published: 2025-10-16 07:15 - Updated: 2025-10-21 13:24
Severity ?
Summary
Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment.
References
| URL | Tags | ||
|---|---|---|---|
| cve@navercorp.com | https://cve.naver.com/detail/cve-2025-62584.html | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:navercorp:whale:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58B46536-56DC-45CD-9F7C-4A0FC1875500",
"versionEndExcluding": "4.33.325.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment."
}
],
"id": "CVE-2025-62584",
"lastModified": "2025-10-21T13:24:55.783",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-10-16T07:15:33.833",
"references": [
{
"source": "cve@navercorp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cve.naver.com/detail/cve-2025-62584.html"
}
],
"sourceIdentifier": "cve@navercorp.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-346"
}
],
"source": "cve@navercorp.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-62583
Vulnerability from fkie_nvd - Published: 2025-10-16 07:15 - Updated: 2025-10-21 13:26
Severity ?
Summary
Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment.
References
| URL | Tags | ||
|---|---|---|---|
| cve@navercorp.com | https://cve.naver.com/detail/cve-2025-62583.html | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:navercorp:whale:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58B46536-56DC-45CD-9F7C-4A0FC1875500",
"versionEndExcluding": "4.33.325.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment."
}
],
"id": "CVE-2025-62583",
"lastModified": "2025-10-21T13:26:06.710",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-10-16T07:15:33.683",
"references": [
{
"source": "cve@navercorp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cve.naver.com/detail/cve-2025-62583.html"
}
],
"sourceIdentifier": "cve@navercorp.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-358"
}
],
"source": "cve@navercorp.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-53600
Vulnerability from fkie_nvd - Published: 2025-07-04 08:15 - Updated: 2025-10-01 13:45
Severity ?
Summary
Whale browser before 4.32.315.22 allow an attacker to bypass the Same-Origin Policy in a dual-tab environment.
References
| URL | Tags | ||
|---|---|---|---|
| cve@navercorp.com | https://cve.naver.com/detail/cve-2025-53600.html | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:navercorp:whale:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B1F130-354E-403D-8B2E-9EF60893EAAC",
"versionEndExcluding": "4.32.315.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Whale browser before 4.32.315.22 allow an attacker to bypass the Same-Origin Policy in a dual-tab environment."
},
{
"lang": "es",
"value": "Los navegadores Whale anteriores a la versi\u00f3n 4.32.315.22 permiten que un atacante eluda la pol\u00edtica del mismo origen en un entorno de doble pesta\u00f1a."
}
],
"id": "CVE-2025-53600",
"lastModified": "2025-10-01T13:45:25.210",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-07-04T08:15:25.823",
"references": [
{
"source": "cve@navercorp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cve.naver.com/detail/cve-2025-53600.html"
}
],
"sourceIdentifier": "cve@navercorp.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-346"
}
],
"source": "cve@navercorp.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-53599
Vulnerability from fkie_nvd - Published: 2025-07-04 08:15 - Updated: 2025-10-01 13:49
Severity ?
Summary
Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the browser via a crafted javascript scheme.
References
| URL | Tags | ||
|---|---|---|---|
| cve@navercorp.com | https://cve.naver.com/detail/cve-2025-53599.html | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:navercorp:whale:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "2511AF97-976C-42D4-9369-D495F30E9141",
"versionEndExcluding": "3.9.1.4206",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the browser via a crafted javascript scheme."
},
{
"lang": "es",
"value": "El navegador Whale para iOS anterior a la versi\u00f3n 3.9.1.4206 permite a un atacante ejecutar scripts maliciosos en el navegador a trav\u00e9s de un esquema de JavaScript manipulado espec\u00edficamente."
}
],
"id": "CVE-2025-53599",
"lastModified": "2025-10-01T13:49:43.387",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-07-04T08:15:25.687",
"references": [
{
"source": "cve@navercorp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cve.naver.com/detail/cve-2025-53599.html"
}
],
"sourceIdentifier": "cve@navercorp.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "cve@navercorp.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2020-9754
Vulnerability from fkie_nvd - Published: 2022-06-27 02:15 - Updated: 2024-11-21 05:41
Severity ?
Summary
NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode.
References
| URL | Tags | ||
|---|---|---|---|
| cve@navercorp.com | https://cve.naver.com/detail/cve-2020-9754.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cve.naver.com/detail/cve-2020-9754.html | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:navercorp:whale:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0FE3C89-6E05-4348-8F00-CE4FFB9C4D5F",
"versionEndExcluding": "1.10.6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n m\u00f3vil del navegador NAVER Whale versiones anteriores a 1.10.6.2 permite al atacante omitir su funci\u00f3n de desbloqueo del navegador por medio del modo inc\u00f3gnito"
}
],
"id": "CVE-2020-9754",
"lastModified": "2024-11-21T05:41:13.317",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-27T02:15:06.977",
"references": [
{
"source": "cve@navercorp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cve.naver.com/detail/cve-2020-9754.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cve.naver.com/detail/cve-2020-9754.html"
}
],
"sourceIdentifier": "cve@navercorp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "cve@navercorp.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-24075
Vulnerability from fkie_nvd - Published: 2022-03-17 06:15 - Updated: 2024-11-21 06:49
Severity ?
Summary
Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.
References
| URL | Tags | ||
|---|---|---|---|
| cve@navercorp.com | https://cve.naver.com/detail/cve-2022-24075 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cve.naver.com/detail/cve-2022-24075 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:navercorp:whale:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47138F1B-655D-4459-905C-7BFA3A326DC5",
"versionEndExcluding": "3.12.129.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files."
},
{
"lang": "es",
"value": "Whale browser versiones anteriores a 3.12.129.18, permit\u00eda que las extensiones sustituyeran a archivos JavaScript del sitio web del visualizador de HWP que pod\u00edan acceder a archivos locales de HWP. Cuando eran abiertos archivos HWP, el script sustituido pod\u00eda leer los archivos"
}
],
"id": "CVE-2022-24075",
"lastModified": "2024-11-21T06:49:46.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-17T06:15:06.950",
"references": [
{
"source": "cve@navercorp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cve.naver.com/detail/cve-2022-24075"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cve.naver.com/detail/cve-2022-24075"
}
],
"sourceIdentifier": "cve@navercorp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "cve@navercorp.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-24072
Vulnerability from fkie_nvd - Published: 2022-03-17 06:15 - Updated: 2024-11-21 06:49
Severity ?
Summary
The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool.
References
| URL | Tags | ||
|---|---|---|---|
| cve@navercorp.com | https://cve.naver.com/detail/cve-2022-24072 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cve.naver.com/detail/cve-2022-24072 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:navercorp:whale:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47138F1B-655D-4459-905C-7BFA3A326DC5",
"versionEndExcluding": "3.12.129.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool."
},
{
"lang": "es",
"value": "La API devtools en Whale browser versiones anteriores a 3.12.129.18, permit\u00eda a desarrolladores de extensiones inyectar JavaScript arbitrario en la p\u00e1gina web de la tienda de extensiones por medio de devtools.inspectedWindow, conllevando a una descarga y carga de extensiones cuando los usuarios abr\u00edan la herramienta para desarrolladores"
}
],
"id": "CVE-2022-24072",
"lastModified": "2024-11-21T06:49:46.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-17T06:15:06.627",
"references": [
{
"source": "cve@navercorp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cve.naver.com/detail/cve-2022-24072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cve.naver.com/detail/cve-2022-24072"
}
],
"sourceIdentifier": "cve@navercorp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "cve@navercorp.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-24074
Vulnerability from fkie_nvd - Published: 2022-03-17 06:15 - Updated: 2024-11-21 06:49
Severity ?
Summary
Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises.
References
| URL | Tags | ||
|---|---|---|---|
| cve@navercorp.com | https://cve.naver.com/detail/cve-2022-24074 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cve.naver.com/detail/cve-2022-24074 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:navercorp:whale:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47138F1B-655D-4459-905C-7BFA3A326DC5",
"versionEndExcluding": "3.12.129.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises."
},
{
"lang": "es",
"value": "Whale Bridge, una extensi\u00f3n por defecto en el navegador Whale versiones anteriores a 3.12.129.18, permit\u00eda recibir cualquier petici\u00f3n SendMessage desde el propio script de contenido que pod\u00eda conllevar a el control de Whale Bridge si el proceso de renderizado es comprometido"
}
],
"id": "CVE-2022-24074",
"lastModified": "2024-11-21T06:49:46.380",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-17T06:15:06.887",
"references": [
{
"source": "cve@navercorp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cve.naver.com/detail/cve-2022-24074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cve.naver.com/detail/cve-2022-24074"
}
],
"sourceIdentifier": "cve@navercorp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "cve@navercorp.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-24073
Vulnerability from fkie_nvd - Published: 2022-03-17 06:15 - Updated: 2024-11-21 06:49
Severity ?
Summary
The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store.
References
| URL | Tags | ||
|---|---|---|---|
| cve@navercorp.com | https://cve.naver.com/detail/cve-2022-24073 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cve.naver.com/detail/cve-2022-24073 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:navercorp:whale:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47138F1B-655D-4459-905C-7BFA3A326DC5",
"versionEndExcluding": "3.12.129.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store."
},
{
"lang": "es",
"value": "La API de peticiones Web en Whale browser versiones anteriores a 3.12.129.18 permit\u00eda denegar el acceso a la tienda de extensiones o redirigir a cualquier URL cuando los usuarios acced\u00edan a la tienda"
}
],
"id": "CVE-2022-24073",
"lastModified": "2024-11-21T06:49:46.273",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-17T06:15:06.827",
"references": [
{
"source": "cve@navercorp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cve.naver.com/detail/cve-2022-24073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cve.naver.com/detail/cve-2022-24073"
}
],
"sourceIdentifier": "cve@navercorp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-648"
}
],
"source": "cve@navercorp.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-62585 (GCVE-0-2025-62585)
Vulnerability from cvelistv5 – Published: 2025-10-16 06:52 – Updated: 2025-10-16 13:36
VLAI?
Summary
Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment.
Severity ?
7.5 (High)
CWE
- CWE-358 - Improperly Implemented Security Check for Standard
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Unaffected:
4.33.325.17
|
Credits
Mingi Jung, mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology-Web Sec Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-62585",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T13:35:56.425333Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T13:36:56.579Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"status": "unaffected",
"version": "4.33.325.17"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mingi Jung, mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology-Web Sec Lab"
}
],
"descriptions": [
{
"lang": "en",
"value": "Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-358",
"description": "CWE-358 Improperly Implemented Security Check for Standard",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T06:52:34.974Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"name": "NAVER Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://cve.naver.com/detail/cve-2025-62585.html"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2025-62585",
"datePublished": "2025-10-16T06:52:34.974Z",
"dateReserved": "2025-10-16T06:44:59.554Z",
"dateUpdated": "2025-10-16T13:36:56.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-62584 (GCVE-0-2025-62584)
Vulnerability from cvelistv5 – Published: 2025-10-16 06:52 – Updated: 2025-10-16 13:38
VLAI?
Summary
Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment.
Severity ?
7.5 (High)
CWE
- CWE-346 - Origin Validation Error
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Unaffected:
4.33.325.17
|
Credits
Mingi Jung, mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology-Web Sec Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-62584",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T13:38:19.251887Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T13:38:54.575Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"status": "unaffected",
"version": "4.33.325.17"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mingi Jung, mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology-Web Sec Lab"
}
],
"descriptions": [
{
"lang": "en",
"value": "Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T06:52:25.232Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"name": "NAVER Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://cve.naver.com/detail/cve-2025-62584.html"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2025-62584",
"datePublished": "2025-10-16T06:52:25.232Z",
"dateReserved": "2025-10-16T06:44:59.554Z",
"dateUpdated": "2025-10-16T13:38:54.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-62583 (GCVE-0-2025-62583)
Vulnerability from cvelistv5 – Published: 2025-10-16 06:52 – Updated: 2025-10-16 14:09
VLAI?
Summary
Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment.
Severity ?
9.8 (Critical)
CWE
- CWE-358 - Improperly Implemented Security Check for Standard
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Unaffected:
4.33.325.17
|
Credits
Mingi Jung, mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology-Web Sec Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-62583",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T13:58:39.555252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T14:09:03.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"status": "unaffected",
"version": "4.33.325.17"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mingi Jung, mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology-Web Sec Lab"
}
],
"descriptions": [
{
"lang": "en",
"value": "Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-358",
"description": "CWE-358 Improperly Implemented Security Check for Standard",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T06:52:12.797Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"name": "NAVER Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://cve.naver.com/detail/cve-2025-62583.html"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2025-62583",
"datePublished": "2025-10-16T06:52:12.797Z",
"dateReserved": "2025-10-16T06:44:59.553Z",
"dateUpdated": "2025-10-16T14:09:03.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53600 (GCVE-0-2025-53600)
Vulnerability from cvelistv5 – Published: 2025-07-04 07:20 – Updated: 2025-07-08 17:39
VLAI?
Summary
Whale browser before 4.32.315.22 allow an attacker to bypass the Same-Origin Policy in a dual-tab environment.
Severity ?
7.5 (High)
CWE
- CWE-346 - Origin Validation Error
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Unaffected:
4.32.315.22
|
Credits
Mingi Jung (UNIST WebSec), mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology Web Sec Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-53600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-07T19:46:16.025413Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T17:39:08.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"status": "unaffected",
"version": "4.32.315.22"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mingi Jung (UNIST WebSec), mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology Web Sec Lab"
}
],
"descriptions": [
{
"lang": "en",
"value": "Whale browser before 4.32.315.22 allow an attacker to bypass the Same-Origin Policy in a dual-tab environment."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-04T07:20:26.014Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"name": "NAVER Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://cve.naver.com/detail/cve-2025-53600.html"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2025-53600",
"datePublished": "2025-07-04T07:20:26.014Z",
"dateReserved": "2025-07-04T07:13:26.677Z",
"dateUpdated": "2025-07-08T17:39:08.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53599 (GCVE-0-2025-53599)
Vulnerability from cvelistv5 – Published: 2025-07-04 07:20 – Updated: 2025-07-08 17:39
VLAI?
Summary
Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the browser via a crafted javascript scheme.
Severity ?
9.8 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Unaffected:
3.9.1.4206
|
Credits
un3xploitable
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-53599",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-07T19:46:24.649720Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T17:39:15.377Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"iOS"
],
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"status": "unaffected",
"version": "3.9.1.4206"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "un3xploitable"
}
],
"descriptions": [
{
"lang": "en",
"value": "Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the browser via a crafted javascript scheme."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-04T07:20:11.124Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"name": "NAVER Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://cve.naver.com/detail/cve-2025-53599.html"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2025-53599",
"datePublished": "2025-07-04T07:20:11.124Z",
"dateReserved": "2025-07-04T07:13:26.676Z",
"dateUpdated": "2025-07-08T17:39:15.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9754 (GCVE-0-2020-9754)
Vulnerability from cvelistv5 – Published: 2022-06-27 01:40 – Updated: 2024-08-04 10:43
VLAI?
Summary
NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode.
Severity ?
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Affected:
unspecified , < 1.10.6.2
(custom)
|
Credits
Jaeyong Bae(jdragon.bae@gmail.com)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:04.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2020-9754.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"lessThan": "1.10.6.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jaeyong Bae(jdragon.bae@gmail.com)"
}
],
"descriptions": [
{
"lang": "en",
"value": "NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T01:40:09",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2020-9754.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2020-9754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NAVER Whale browser",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.10.6.2"
}
]
}
}
]
},
"vendor_name": "NAVER"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jaeyong Bae(jdragon.bae@gmail.com)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2020-9754.html",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2020-9754.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2020-9754",
"datePublished": "2022-06-27T01:40:09",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:04.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24075 (GCVE-0-2022-24075)
Vulnerability from cvelistv5 – Published: 2022-03-17 05:20 – Updated: 2024-08-03 03:59
VLAI?
Summary
Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.
Severity ?
No CVSS data available.
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Affected:
unspecified , < 3.12.129.46
(custom)
|
Credits
Young Min Kim
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2022-24075"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"lessThan": "3.12.129.46",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Young Min Kim"
}
],
"descriptions": [
{
"lang": "en",
"value": "Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552: Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-17T05:20:17",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2022-24075"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2022-24075",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NAVER Whale browser",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.12.129.46"
}
]
}
}
]
},
"vendor_name": "NAVER"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Young Min Kim"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-552: Files or Directories Accessible to External Parties"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2022-24075",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2022-24075"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2022-24075",
"datePublished": "2022-03-17T05:20:17",
"dateReserved": "2022-01-27T00:00:00",
"dateUpdated": "2024-08-03T03:59:23.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24074 (GCVE-0-2022-24074)
Vulnerability from cvelistv5 – Published: 2022-03-17 05:20 – Updated: 2024-08-03 03:59
VLAI?
Summary
Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises.
Severity ?
No CVSS data available.
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Affected:
unspecified , < 3.12.129.46
(custom)
|
Credits
Young Min Kim
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2022-24074"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"lessThan": "3.12.129.46",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Young Min Kim"
}
],
"descriptions": [
{
"lang": "en",
"value": "Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-17T05:20:16",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2022-24074"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2022-24074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NAVER Whale browser",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.12.129.46"
}
]
}
}
]
},
"vendor_name": "NAVER"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Young Min Kim"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-668: Exposure of Resource to Wrong Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2022-24074",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2022-24074"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2022-24074",
"datePublished": "2022-03-17T05:20:16",
"dateReserved": "2022-01-27T00:00:00",
"dateUpdated": "2024-08-03T03:59:23.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24073 (GCVE-0-2022-24073)
Vulnerability from cvelistv5 – Published: 2022-03-17 05:20 – Updated: 2024-08-03 03:59
VLAI?
Summary
The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store.
Severity ?
No CVSS data available.
CWE
- CWE-648 - Incorrect Use of Privileged APIs
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Affected:
unspecified , < 3.12.129.46
(custom)
|
Credits
Young Min Kim
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2022-24073"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"lessThan": "3.12.129.46",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Young Min Kim"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-648",
"description": "CWE-648: Incorrect Use of Privileged APIs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-17T05:20:14",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2022-24073"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2022-24073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NAVER Whale browser",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.12.129.46"
}
]
}
}
]
},
"vendor_name": "NAVER"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Young Min Kim"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-648: Incorrect Use of Privileged APIs"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2022-24073",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2022-24073"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2022-24073",
"datePublished": "2022-03-17T05:20:14",
"dateReserved": "2022-01-27T00:00:00",
"dateUpdated": "2024-08-03T03:59:23.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24072 (GCVE-0-2022-24072)
Vulnerability from cvelistv5 – Published: 2022-03-17 05:20 – Updated: 2024-08-03 03:59
VLAI?
Summary
The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool.
Severity ?
No CVSS data available.
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Affected:
unspecified , < 3.12.129.46
(custom)
|
Credits
Young Min Kim
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2022-24072"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"lessThan": "3.12.129.46",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Young Min Kim"
}
],
"descriptions": [
{
"lang": "en",
"value": "The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-17T05:20:13",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2022-24072"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2022-24072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NAVER Whale browser",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.12.129.46"
}
]
}
}
]
},
"vendor_name": "NAVER"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Young Min Kim"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2022-24072",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2022-24072"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2022-24072",
"datePublished": "2022-03-17T05:20:13",
"dateReserved": "2022-01-27T00:00:00",
"dateUpdated": "2024-08-03T03:59:23.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-62585 (GCVE-0-2025-62585)
Vulnerability from nvd – Published: 2025-10-16 06:52 – Updated: 2025-10-16 13:36
VLAI?
Summary
Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment.
Severity ?
7.5 (High)
CWE
- CWE-358 - Improperly Implemented Security Check for Standard
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Unaffected:
4.33.325.17
|
Credits
Mingi Jung, mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology-Web Sec Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-62585",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T13:35:56.425333Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T13:36:56.579Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"status": "unaffected",
"version": "4.33.325.17"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mingi Jung, mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology-Web Sec Lab"
}
],
"descriptions": [
{
"lang": "en",
"value": "Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-358",
"description": "CWE-358 Improperly Implemented Security Check for Standard",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T06:52:34.974Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"name": "NAVER Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://cve.naver.com/detail/cve-2025-62585.html"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2025-62585",
"datePublished": "2025-10-16T06:52:34.974Z",
"dateReserved": "2025-10-16T06:44:59.554Z",
"dateUpdated": "2025-10-16T13:36:56.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-62584 (GCVE-0-2025-62584)
Vulnerability from nvd – Published: 2025-10-16 06:52 – Updated: 2025-10-16 13:38
VLAI?
Summary
Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment.
Severity ?
7.5 (High)
CWE
- CWE-346 - Origin Validation Error
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Unaffected:
4.33.325.17
|
Credits
Mingi Jung, mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology-Web Sec Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-62584",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T13:38:19.251887Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T13:38:54.575Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"status": "unaffected",
"version": "4.33.325.17"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mingi Jung, mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology-Web Sec Lab"
}
],
"descriptions": [
{
"lang": "en",
"value": "Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T06:52:25.232Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"name": "NAVER Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://cve.naver.com/detail/cve-2025-62584.html"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2025-62584",
"datePublished": "2025-10-16T06:52:25.232Z",
"dateReserved": "2025-10-16T06:44:59.554Z",
"dateUpdated": "2025-10-16T13:38:54.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-62583 (GCVE-0-2025-62583)
Vulnerability from nvd – Published: 2025-10-16 06:52 – Updated: 2025-10-16 14:09
VLAI?
Summary
Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment.
Severity ?
9.8 (Critical)
CWE
- CWE-358 - Improperly Implemented Security Check for Standard
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Unaffected:
4.33.325.17
|
Credits
Mingi Jung, mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology-Web Sec Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-62583",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T13:58:39.555252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T14:09:03.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"status": "unaffected",
"version": "4.33.325.17"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mingi Jung, mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology-Web Sec Lab"
}
],
"descriptions": [
{
"lang": "en",
"value": "Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-358",
"description": "CWE-358 Improperly Implemented Security Check for Standard",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T06:52:12.797Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"name": "NAVER Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://cve.naver.com/detail/cve-2025-62583.html"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2025-62583",
"datePublished": "2025-10-16T06:52:12.797Z",
"dateReserved": "2025-10-16T06:44:59.553Z",
"dateUpdated": "2025-10-16T14:09:03.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53600 (GCVE-0-2025-53600)
Vulnerability from nvd – Published: 2025-07-04 07:20 – Updated: 2025-07-08 17:39
VLAI?
Summary
Whale browser before 4.32.315.22 allow an attacker to bypass the Same-Origin Policy in a dual-tab environment.
Severity ?
7.5 (High)
CWE
- CWE-346 - Origin Validation Error
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Unaffected:
4.32.315.22
|
Credits
Mingi Jung (UNIST WebSec), mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology Web Sec Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-53600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-07T19:46:16.025413Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T17:39:08.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"status": "unaffected",
"version": "4.32.315.22"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mingi Jung (UNIST WebSec), mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology Web Sec Lab"
}
],
"descriptions": [
{
"lang": "en",
"value": "Whale browser before 4.32.315.22 allow an attacker to bypass the Same-Origin Policy in a dual-tab environment."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-04T07:20:26.014Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"name": "NAVER Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://cve.naver.com/detail/cve-2025-53600.html"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2025-53600",
"datePublished": "2025-07-04T07:20:26.014Z",
"dateReserved": "2025-07-04T07:13:26.677Z",
"dateUpdated": "2025-07-08T17:39:08.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53599 (GCVE-0-2025-53599)
Vulnerability from nvd – Published: 2025-07-04 07:20 – Updated: 2025-07-08 17:39
VLAI?
Summary
Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the browser via a crafted javascript scheme.
Severity ?
9.8 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Unaffected:
3.9.1.4206
|
Credits
un3xploitable
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-53599",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-07T19:46:24.649720Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T17:39:15.377Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"iOS"
],
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"status": "unaffected",
"version": "3.9.1.4206"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "un3xploitable"
}
],
"descriptions": [
{
"lang": "en",
"value": "Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the browser via a crafted javascript scheme."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-04T07:20:11.124Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"name": "NAVER Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://cve.naver.com/detail/cve-2025-53599.html"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2025-53599",
"datePublished": "2025-07-04T07:20:11.124Z",
"dateReserved": "2025-07-04T07:13:26.676Z",
"dateUpdated": "2025-07-08T17:39:15.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9754 (GCVE-0-2020-9754)
Vulnerability from nvd – Published: 2022-06-27 01:40 – Updated: 2024-08-04 10:43
VLAI?
Summary
NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode.
Severity ?
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Affected:
unspecified , < 1.10.6.2
(custom)
|
Credits
Jaeyong Bae(jdragon.bae@gmail.com)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:04.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2020-9754.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"lessThan": "1.10.6.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jaeyong Bae(jdragon.bae@gmail.com)"
}
],
"descriptions": [
{
"lang": "en",
"value": "NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T01:40:09",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2020-9754.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2020-9754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NAVER Whale browser",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.10.6.2"
}
]
}
}
]
},
"vendor_name": "NAVER"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jaeyong Bae(jdragon.bae@gmail.com)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2020-9754.html",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2020-9754.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2020-9754",
"datePublished": "2022-06-27T01:40:09",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:04.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24075 (GCVE-0-2022-24075)
Vulnerability from nvd – Published: 2022-03-17 05:20 – Updated: 2024-08-03 03:59
VLAI?
Summary
Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.
Severity ?
No CVSS data available.
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Affected:
unspecified , < 3.12.129.46
(custom)
|
Credits
Young Min Kim
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2022-24075"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"lessThan": "3.12.129.46",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Young Min Kim"
}
],
"descriptions": [
{
"lang": "en",
"value": "Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552: Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-17T05:20:17",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2022-24075"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2022-24075",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NAVER Whale browser",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.12.129.46"
}
]
}
}
]
},
"vendor_name": "NAVER"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Young Min Kim"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-552: Files or Directories Accessible to External Parties"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2022-24075",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2022-24075"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2022-24075",
"datePublished": "2022-03-17T05:20:17",
"dateReserved": "2022-01-27T00:00:00",
"dateUpdated": "2024-08-03T03:59:23.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24074 (GCVE-0-2022-24074)
Vulnerability from nvd – Published: 2022-03-17 05:20 – Updated: 2024-08-03 03:59
VLAI?
Summary
Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises.
Severity ?
No CVSS data available.
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Affected:
unspecified , < 3.12.129.46
(custom)
|
Credits
Young Min Kim
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2022-24074"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"lessThan": "3.12.129.46",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Young Min Kim"
}
],
"descriptions": [
{
"lang": "en",
"value": "Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-17T05:20:16",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2022-24074"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2022-24074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NAVER Whale browser",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.12.129.46"
}
]
}
}
]
},
"vendor_name": "NAVER"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Young Min Kim"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-668: Exposure of Resource to Wrong Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2022-24074",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2022-24074"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2022-24074",
"datePublished": "2022-03-17T05:20:16",
"dateReserved": "2022-01-27T00:00:00",
"dateUpdated": "2024-08-03T03:59:23.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24073 (GCVE-0-2022-24073)
Vulnerability from nvd – Published: 2022-03-17 05:20 – Updated: 2024-08-03 03:59
VLAI?
Summary
The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store.
Severity ?
No CVSS data available.
CWE
- CWE-648 - Incorrect Use of Privileged APIs
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Affected:
unspecified , < 3.12.129.46
(custom)
|
Credits
Young Min Kim
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2022-24073"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"lessThan": "3.12.129.46",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Young Min Kim"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-648",
"description": "CWE-648: Incorrect Use of Privileged APIs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-17T05:20:14",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2022-24073"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2022-24073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NAVER Whale browser",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.12.129.46"
}
]
}
}
]
},
"vendor_name": "NAVER"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Young Min Kim"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-648: Incorrect Use of Privileged APIs"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2022-24073",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2022-24073"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2022-24073",
"datePublished": "2022-03-17T05:20:14",
"dateReserved": "2022-01-27T00:00:00",
"dateUpdated": "2024-08-03T03:59:23.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24072 (GCVE-0-2022-24072)
Vulnerability from nvd – Published: 2022-03-17 05:20 – Updated: 2024-08-03 03:59
VLAI?
Summary
The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool.
Severity ?
No CVSS data available.
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Affected:
unspecified , < 3.12.129.46
(custom)
|
Credits
Young Min Kim
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2022-24072"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"lessThan": "3.12.129.46",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Young Min Kim"
}
],
"descriptions": [
{
"lang": "en",
"value": "The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-17T05:20:13",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2022-24072"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2022-24072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NAVER Whale browser",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.12.129.46"
}
]
}
}
]
},
"vendor_name": "NAVER"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Young Min Kim"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2022-24072",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2022-24072"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2022-24072",
"datePublished": "2022-03-17T05:20:13",
"dateReserved": "2022-01-27T00:00:00",
"dateUpdated": "2024-08-03T03:59:23.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}