Navercorp Whale

19 CVEs affecting Navercorp Whale. Latest disclosed: 2025-12-30. Critical: 4, High: 8.

Top CVEs affecting Navercorp Whale
CVESeverityScorePublishedSummary
CVE-2025-62583Critical9.82025-10-16Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment.
CVE-2025-53599Critical9.82025-07-04Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the browser via a crafted javascript scheme.
CVE-2022-24074Critical9.82022-03-17Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lea…
CVE-2025-69234Critical9.12025-12-30Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment.
CVE-2018-9859High8.12018-06-16The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can be used for persistent privilege escalation if it's availa…
CVE-2018-12449High7.82018-10-11The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking.
CVE-2017-15913High7.82018-01-08The Installer in Whale allows DLL hijacking.
CVE-2025-69235High7.52025-12-30Whale browser before 4.35.351.12 allows an attacker to bypass the Same-Origin Policy in a sidebar environment.
CVE-2025-62585High7.52025-10-16Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment.
CVE-2025-62584High7.52025-10-16Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment.
CVE-2025-53600High7.52025-07-04Whale browser before 4.32.315.22 allow an attacker to bypass the Same-Origin Policy in a dual-tab environment.
CVE-2022-24073High7.12022-03-17The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store.
CVE-2022-24075Medium6.52022-03-17Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP f…
CVE-2022-24072Medium6.12022-03-17The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools…
CVE-2020-9754Medium5.32022-06-27NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode.
CVE-2021-33593Medium5.32021-11-02Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar…
CVE-2018-12448Medium5.32018-08-02Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allo…
CVE-2018-7635Medium5.32018-07-03Whale Browser before 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar when visiting a blank page, which allows…
CVE-2022-24071Medium4.32022-01-28A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal…