Naver Naver Whale Browser

16 CVEs affecting Naver Naver Whale Browser. Latest disclosed: 2025-12-30. Critical: 5, High: 5.

Top CVEs affecting Naver Naver Whale Browser
CVESeverityScorePublishedSummary
CVE-2025-62583Critical9.82025-10-16Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment.
CVE-2025-53599Critical9.82025-07-04Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the browser via a crafted javascript scheme.
CVE-2022-24074Critical9.82022-03-17Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lea…
CVE-2024-40618Critical9.62024-07-11Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension.
CVE-2025-69234Critical9.12025-12-30Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment.
CVE-2025-69235High7.52025-12-30Whale browser before 4.35.351.12 allows an attacker to bypass the Same-Origin Policy in a sidebar environment.
CVE-2025-62585High7.52025-10-16Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment.
CVE-2025-62584High7.52025-10-16Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment.
CVE-2025-53600High7.52025-07-04Whale browser before 4.32.315.22 allow an attacker to bypass the Same-Origin Policy in a dual-tab environment.
CVE-2022-24073High7.12022-03-17The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store.
CVE-2022-24075Medium6.52022-03-17Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP f…
CVE-2022-24072Medium6.12022-03-17The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools…
CVE-2023-25632Medium5.52023-11-27The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via 'Open in Whale' feature.
CVE-2020-9754Medium5.32022-06-27NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode.
CVE-2021-33593Medium5.32021-11-02Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar…
CVE-2022-24071Medium4.32022-01-28A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal…