Naver Naver Whale Browser
16 CVEs affecting Naver Naver Whale Browser. Latest disclosed: 2025-12-30. Critical: 5, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-62583 | Critical | 9.8 | 2025-10-16 | Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment. |
CVE-2025-53599 | Critical | 9.8 | 2025-07-04 | Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the browser via a crafted javascript scheme. |
CVE-2022-24074 | Critical | 9.8 | 2022-03-17 | Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lea… |
CVE-2024-40618 | Critical | 9.6 | 2024-07-11 | Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension. |
CVE-2025-69234 | Critical | 9.1 | 2025-12-30 | Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment. |
CVE-2025-69235 | High | 7.5 | 2025-12-30 | Whale browser before 4.35.351.12 allows an attacker to bypass the Same-Origin Policy in a sidebar environment. |
CVE-2025-62585 | High | 7.5 | 2025-10-16 | Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment. |
CVE-2025-62584 | High | 7.5 | 2025-10-16 | Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment. |
CVE-2025-53600 | High | 7.5 | 2025-07-04 | Whale browser before 4.32.315.22 allow an attacker to bypass the Same-Origin Policy in a dual-tab environment. |
CVE-2022-24073 | High | 7.1 | 2022-03-17 | The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store. |
CVE-2022-24075 | Medium | 6.5 | 2022-03-17 | Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP f… |
CVE-2022-24072 | Medium | 6.1 | 2022-03-17 | The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools… |
CVE-2023-25632 | Medium | 5.5 | 2023-11-27 | The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via 'Open in Whale' feature. |
CVE-2020-9754 | Medium | 5.3 | 2022-06-27 | NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode. |
CVE-2021-33593 | Medium | 5.3 | 2021-11-02 | Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar… |
CVE-2022-24071 | Medium | 4.3 | 2022-01-28 | A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal… |