Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
navercorp whale vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2022-24072
The devtools API in Whale browser prior to 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool.
Navercorp Whale
5
CVSSv2
CVE-2021-33593
Whale browser for iOS prior to 1.14.0 has an inconsistent user interface issue that allows an malicious user to obfuscate the address bar which may lead to address bar spoofing.
Navercorp Whale
4.3
CVSSv2
CVE-2022-24071
A Built-in extension in Whale browser prior to 3.12.129.46 allows malicious users to compromise the rendering process which could lead to controlling browser internal APIs.
Navercorp Whale
4.3
CVSSv2
CVE-2022-24075
Whale browser prior to 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.
Navercorp Whale
5
CVSSv2
CVE-2018-12448
Whale Browser prior to 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an malicious user to display a malicious web page with a fake domain name.
Navercorp Whale
5
CVSSv2
CVE-2018-7635
Whale Browser prior to 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar when visiting a blank page, which allows an malicious user to display a malicious web page with a fake domain name.
Navercorp Whale
5
CVSSv2
CVE-2020-9754
NAVER Whale browser mobile app prior to 1.10.6.2 allows the malicious user to bypass its browser unlock function via incognito mode.
Navercorp Whale
5.8
CVSSv2
CVE-2022-24073
The Web Request API in Whale browser prior to 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store.
Navercorp Whale
7.5
CVSSv2
CVE-2022-24074
Whale Bridge, a default extension in Whale browser prior to 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises.
Navercorp Whale
6.8
CVSSv2
CVE-2018-12449
The Whale browser installer 0.4.3.0 and previous versions versions allows DLL hijacking.
Navercorp Whale
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »