Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
navercorp whale vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2022-24071
A Built-in extension in Whale browser prior to 3.12.129.46 allows malicious users to compromise the rendering process which could lead to controlling browser internal APIs.
Navercorp Whale
383
VMScore
CVE-2022-24072
The devtools API in Whale browser prior to 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool.
Navercorp Whale
516
VMScore
CVE-2022-24073
The Web Request API in Whale browser prior to 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store.
Navercorp Whale
668
VMScore
CVE-2022-24074
Whale Bridge, a default extension in Whale browser prior to 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises.
Navercorp Whale
383
VMScore
CVE-2022-24075
Whale browser prior to 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.
Navercorp Whale
445
VMScore
CVE-2018-7635
Whale Browser prior to 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar when visiting a blank page, which allows an malicious user to display a malicious web page with a fake domain name.
Navercorp Whale
445
VMScore
CVE-2020-9754
NAVER Whale browser mobile app prior to 1.10.6.2 allows the malicious user to bypass its browser unlock function via incognito mode.
Navercorp Whale
445
VMScore
CVE-2018-12448
Whale Browser prior to 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an malicious user to display a malicious web page with a fake domain name.
Navercorp Whale
605
VMScore
CVE-2018-12449
The Whale browser installer 0.4.3.0 and previous versions versions allows DLL hijacking.
Navercorp Whale
454
VMScore
CVE-2018-9859
The path of Whale update service was unquoted in NAVER Whale prior to 1.0.40.7. This vulnerability can be used for persistent privilege escalation if it's available to create an executable file with System privilege by other vulnerable applications.
Navercorp Whale
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »