Search

Find a vulnerability

Search criteria

    32 vulnerabilities found for NAVER Whale browser by NAVER

    CVE-2025-69235 (GCVE-0-2025-69235)

    Vulnerability from nvd – Published: 2025-12-30 01:22 – Updated: 2025-12-31 17:15
    VLAI
    Summary
    Whale browser before 4.35.351.12 allows an attacker to bypass the Same-Origin Policy in a sidebar environment.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-346 - Origin Validation Error
    Assigner
    References
    Impacted products
    Vendor Product Version
    NAVER NAVER Whale browser Unaffected: 4.35.351.12
    Create a notification for this product.
    Credits
    Mingi Jung, wjdaslrl4475@unist.ac.kr, Ulsan National Institute of Science and Technology - WebSecLab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-69235",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-31T17:15:07.713227Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-31T17:15:35.598Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "NAVER Whale browser",
              "vendor": "NAVER",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.35.351.12"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mingi Jung, wjdaslrl4475@unist.ac.kr, Ulsan National Institute of Science and Technology - WebSecLab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Whale browser before 4.35.351.12 allows an attacker to bypass the Same-Origin Policy in a sidebar environment.\u003cbr\u003e"
                }
              ],
              "value": "Whale browser before 4.35.351.12 allows an attacker to bypass the Same-Origin Policy in a sidebar environment."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-346",
                  "description": "CWE-346 Origin Validation Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-30T01:22:57.770Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://cve.naver.com/detail/cve-2025-69235.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2025-69235",
        "datePublished": "2025-12-30T01:22:57.770Z",
        "dateReserved": "2025-12-30T01:03:13.520Z",
        "dateUpdated": "2025-12-31T17:15:35.598Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-69234 (GCVE-0-2025-69234)

    Vulnerability from nvd – Published: 2025-12-30 01:18 – Updated: 2025-12-31 17:17
    VLAI
    Summary
    Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-358 - Improperly Implemented Security Check for Standard
    Assigner
    References
    Impacted products
    Vendor Product Version
    NAVER NAVER Whale browser Unaffected: 4.35.351.12
    Create a notification for this product.
    Credits
    Mingi Jung, wjdaslrl4475@unist.ac.kr, Ulsan National Institute of Science and Technology - WebSecLab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-69234",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-31T17:16:08.447584Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-31T17:17:34.260Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows"
              ],
              "product": "NAVER Whale browser",
              "vendor": "NAVER",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.35.351.12"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mingi Jung, wjdaslrl4475@unist.ac.kr, Ulsan National Institute of Science and Technology - WebSecLab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment.\u003cbr\u003e"
                }
              ],
              "value": "Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-358",
                  "description": "CWE-358 Improperly Implemented Security Check for Standard",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-30T01:23:19.750Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://cve.naver.com/detail/cve-2025-69234.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2025-69234",
        "datePublished": "2025-12-30T01:18:05.718Z",
        "dateReserved": "2025-12-30T01:03:13.519Z",
        "dateUpdated": "2025-12-31T17:17:34.260Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-62585 (GCVE-0-2025-62585)

    Vulnerability from nvd – Published: 2025-10-16 06:52 – Updated: 2025-10-16 13:36
    VLAI
    Summary
    Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-358 - Improperly Implemented Security Check for Standard
    Assigner
    References
    Impacted products
    Vendor Product Version
    NAVER NAVER Whale browser Unaffected: 4.33.325.17
    Create a notification for this product.
    Credits
    Mingi Jung, mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology-Web Sec Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62585",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-16T13:35:56.425333Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-16T13:36:56.579Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "NAVER Whale browser",
              "vendor": "NAVER",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.33.325.17"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mingi Jung, mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology-Web Sec Lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-358",
                  "description": "CWE-358 Improperly Implemented Security Check for Standard",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-16T06:52:34.974Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "name": "NAVER Security Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://cve.naver.com/detail/cve-2025-62585.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2025-62585",
        "datePublished": "2025-10-16T06:52:34.974Z",
        "dateReserved": "2025-10-16T06:44:59.554Z",
        "dateUpdated": "2025-10-16T13:36:56.579Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-62584 (GCVE-0-2025-62584)

    Vulnerability from nvd – Published: 2025-10-16 06:52 – Updated: 2025-10-16 13:38
    VLAI
    Summary
    Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-346 - Origin Validation Error
    Assigner
    References
    Impacted products
    Vendor Product Version
    NAVER NAVER Whale browser Unaffected: 4.33.325.17
    Create a notification for this product.
    Credits
    Mingi Jung, mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology-Web Sec Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62584",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-16T13:38:19.251887Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-16T13:38:54.575Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "NAVER Whale browser",
              "vendor": "NAVER",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.33.325.17"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mingi Jung, mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology-Web Sec Lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-346",
                  "description": "CWE-346 Origin Validation Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-16T06:52:25.232Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "name": "NAVER Security Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://cve.naver.com/detail/cve-2025-62584.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2025-62584",
        "datePublished": "2025-10-16T06:52:25.232Z",
        "dateReserved": "2025-10-16T06:44:59.554Z",
        "dateUpdated": "2025-10-16T13:38:54.575Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-62583 (GCVE-0-2025-62583)

    Vulnerability from nvd – Published: 2025-10-16 06:52 – Updated: 2025-10-16 14:09
    VLAI
    Summary
    Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-358 - Improperly Implemented Security Check for Standard
    Assigner
    References
    Impacted products
    Vendor Product Version
    NAVER NAVER Whale browser Unaffected: 4.33.325.17
    Create a notification for this product.
    Credits
    Mingi Jung, mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology-Web Sec Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62583",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-16T13:58:39.555252Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-16T14:09:03.582Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "NAVER Whale browser",
              "vendor": "NAVER",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.33.325.17"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mingi Jung, mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology-Web Sec Lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-358",
                  "description": "CWE-358 Improperly Implemented Security Check for Standard",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-16T06:52:12.797Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "name": "NAVER Security Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://cve.naver.com/detail/cve-2025-62583.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2025-62583",
        "datePublished": "2025-10-16T06:52:12.797Z",
        "dateReserved": "2025-10-16T06:44:59.553Z",
        "dateUpdated": "2025-10-16T14:09:03.582Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-53600 (GCVE-0-2025-53600)

    Vulnerability from nvd – Published: 2025-07-04 07:20 – Updated: 2025-07-08 17:39
    VLAI
    Summary
    Whale browser before 4.32.315.22 allow an attacker to bypass the Same-Origin Policy in a dual-tab environment.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-346 - Origin Validation Error
    Assigner
    References
    Impacted products
    Vendor Product Version
    NAVER NAVER Whale browser Unaffected: 4.32.315.22
    Create a notification for this product.
    Credits
    Mingi Jung (UNIST WebSec), mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology Web Sec Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53600",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-07T19:46:16.025413Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-08T17:39:08.750Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "NAVER Whale browser",
              "vendor": "NAVER",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.32.315.22"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mingi Jung (UNIST WebSec), mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology Web Sec Lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Whale browser before 4.32.315.22 allow an attacker to bypass the Same-Origin Policy in a dual-tab environment."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-346",
                  "description": "CWE-346 Origin Validation Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-04T07:20:26.014Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "name": "NAVER Security Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://cve.naver.com/detail/cve-2025-53600.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2025-53600",
        "datePublished": "2025-07-04T07:20:26.014Z",
        "dateReserved": "2025-07-04T07:13:26.677Z",
        "dateUpdated": "2025-07-08T17:39:08.750Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-53599 (GCVE-0-2025-53599)

    Vulnerability from nvd – Published: 2025-07-04 07:20 – Updated: 2025-07-08 17:39
    VLAI
    Summary
    Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the browser via a crafted javascript scheme.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    NAVER NAVER Whale browser Unaffected: 3.9.1.4206
    Create a notification for this product.
    Credits
    un3xploitable
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53599",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-07T19:46:24.649720Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-08T17:39:15.377Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "iOS"
              ],
              "product": "NAVER Whale browser",
              "vendor": "NAVER",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "3.9.1.4206"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "un3xploitable"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the browser via a crafted javascript scheme."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-04T07:20:11.124Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "name": "NAVER Security Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://cve.naver.com/detail/cve-2025-53599.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2025-53599",
        "datePublished": "2025-07-04T07:20:11.124Z",
        "dateReserved": "2025-07-04T07:13:26.676Z",
        "dateUpdated": "2025-07-08T17:39:15.377Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-40618 (GCVE-0-2024-40618)

    Vulnerability from nvd – Published: 2024-07-11 01:24 – Updated: 2024-08-02 04:33
    VLAI
    Summary
    Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    NAVER NAVER Whale browser Unaffected: 3.26.244.21
    Create a notification for this product.
    naver whale_browser Affected: 0 , < 3.26.244.21 (custom)
        cpe:2.3:a:naver:whale_browser:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    James Dean (YSK)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:naver:whale_browser:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "whale_browser",
                "vendor": "naver",
                "versions": [
                  {
                    "lessThan": "3.26.244.21",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 9.6,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-40618",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-12T14:56:23.905753Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-12T14:56:51.466Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T04:33:11.796Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "NAVER Security Advisory",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://cve.naver.com/detail/cve-2024-40618.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "NAVER Whale browser",
              "vendor": "NAVER",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "3.26.244.21"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "James Dean (YSK)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-11T01:24:41.321Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "name": "NAVER Security Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://cve.naver.com/detail/cve-2024-40618.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2024-40618",
        "datePublished": "2024-07-11T01:24:41.321Z",
        "dateReserved": "2024-07-08T06:05:59.601Z",
        "dateUpdated": "2024-08-02T04:33:11.796Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25632 (GCVE-0-2023-25632)

    Vulnerability from nvd – Published: 2023-11-27 07:03 – Updated: 2024-10-11 17:58
    VLAI
    Summary
    The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via 'Open in Whale' feature.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    NAVER NAVER Whale browser Unaffected: 3.0.1.2
    Create a notification for this product.
    Credits
    Mohit Raj (shadow2639), sec4life@protonmail.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:25:19.289Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "NAVER Security Advisory",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cve.naver.com/detail/cve-2023-25632.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25632",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-11T17:51:37.401604Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-11T17:58:24.336Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Android"
              ],
              "product": "NAVER Whale browser",
              "vendor": "NAVER",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "3.0.1.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mohit Raj (shadow2639), sec4life@protonmail.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via \u0027Open in Whale\u0027 feature."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-359",
                  "description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-06T02:36:55.395Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "name": "NAVER Security Advisory",
              "url": "https://cve.naver.com/detail/cve-2023-25632.html"
            }
          ],
          "source": {
            "advisory": "NIST",
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2023-25632",
        "datePublished": "2023-11-27T07:03:12.145Z",
        "dateReserved": "2023-02-09T15:55:25.113Z",
        "dateUpdated": "2024-10-11T17:58:24.336Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-9754 (GCVE-0-2020-9754)

    Vulnerability from nvd – Published: 2022-06-27 01:40 – Updated: 2024-08-04 10:43
    VLAI
    Summary
    NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode.
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    NAVER NAVER Whale browser Affected: unspecified , < 1.10.6.2 (custom)
    Create a notification for this product.
    Credits
    Jaeyong Bae(jdragon.bae@gmail.com)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:43:04.600Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cve.naver.com/detail/cve-2020-9754.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NAVER Whale browser",
              "vendor": "NAVER",
              "versions": [
                {
                  "lessThan": "1.10.6.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Jaeyong Bae(jdragon.bae@gmail.com)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-27T01:40:09.000Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cve.naver.com/detail/cve-2020-9754.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@navercorp.com",
              "ID": "CVE-2020-9754",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NAVER Whale browser",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.10.6.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NAVER"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Jaeyong Bae(jdragon.bae@gmail.com)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284: Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cve.naver.com/detail/cve-2020-9754.html",
                  "refsource": "CONFIRM",
                  "url": "https://cve.naver.com/detail/cve-2020-9754.html"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2020-9754",
        "datePublished": "2022-06-27T01:40:09.000Z",
        "dateReserved": "2020-03-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:43:04.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-24075 (GCVE-0-2022-24075)

    Vulnerability from nvd – Published: 2022-03-17 05:20 – Updated: 2024-08-03 03:59
    VLAI
    Summary
    Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.
    Severity
    No CVSS data available.
    CWE
    • CWE-552 - Files or Directories Accessible to External Parties
    Assigner
    References
    URL Tags
    https://cve.naver.com/detail/cve-2022-24075 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    NAVER NAVER Whale browser Affected: unspecified , < 3.12.129.46 (custom)
    Create a notification for this product.
    Credits
    Young Min Kim
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:59:23.602Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cve.naver.com/detail/cve-2022-24075"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NAVER Whale browser",
              "vendor": "NAVER",
              "versions": [
                {
                  "lessThan": "3.12.129.46",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Young Min Kim"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-552",
                  "description": "CWE-552: Files or Directories Accessible to External Parties",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-17T05:20:17.000Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cve.naver.com/detail/cve-2022-24075"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@navercorp.com",
              "ID": "CVE-2022-24075",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NAVER Whale browser",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.12.129.46"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NAVER"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Young Min Kim"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-552: Files or Directories Accessible to External Parties"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cve.naver.com/detail/cve-2022-24075",
                  "refsource": "CONFIRM",
                  "url": "https://cve.naver.com/detail/cve-2022-24075"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2022-24075",
        "datePublished": "2022-03-17T05:20:17.000Z",
        "dateReserved": "2022-01-27T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:59:23.602Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-24074 (GCVE-0-2022-24074)

    Vulnerability from nvd – Published: 2022-03-17 05:20 – Updated: 2024-08-03 03:59
    VLAI
    Summary
    Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises.
    Severity
    No CVSS data available.
    CWE
    • CWE-668 - Exposure of Resource to Wrong Sphere
    Assigner
    References
    URL Tags
    https://cve.naver.com/detail/cve-2022-24074 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    NAVER NAVER Whale browser Affected: unspecified , < 3.12.129.46 (custom)
    Create a notification for this product.
    Credits
    Young Min Kim
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:59:23.649Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cve.naver.com/detail/cve-2022-24074"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NAVER Whale browser",
              "vendor": "NAVER",
              "versions": [
                {
                  "lessThan": "3.12.129.46",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Young Min Kim"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-668",
                  "description": "CWE-668: Exposure of Resource to Wrong Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-17T05:20:16.000Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cve.naver.com/detail/cve-2022-24074"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@navercorp.com",
              "ID": "CVE-2022-24074",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NAVER Whale browser",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.12.129.46"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NAVER"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Young Min Kim"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-668: Exposure of Resource to Wrong Sphere"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cve.naver.com/detail/cve-2022-24074",
                  "refsource": "CONFIRM",
                  "url": "https://cve.naver.com/detail/cve-2022-24074"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2022-24074",
        "datePublished": "2022-03-17T05:20:16.000Z",
        "dateReserved": "2022-01-27T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:59:23.649Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-24073 (GCVE-0-2022-24073)

    Vulnerability from nvd – Published: 2022-03-17 05:20 – Updated: 2024-08-03 03:59
    VLAI
    Summary
    The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store.
    Severity
    No CVSS data available.
    CWE
    • CWE-648 - Incorrect Use of Privileged APIs
    Assigner
    References
    URL Tags
    https://cve.naver.com/detail/cve-2022-24073 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    NAVER NAVER Whale browser Affected: unspecified , < 3.12.129.46 (custom)
    Create a notification for this product.
    Credits
    Young Min Kim
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:59:23.677Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cve.naver.com/detail/cve-2022-24073"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NAVER Whale browser",
              "vendor": "NAVER",
              "versions": [
                {
                  "lessThan": "3.12.129.46",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Young Min Kim"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-648",
                  "description": "CWE-648: Incorrect Use of Privileged APIs",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-17T05:20:14.000Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cve.naver.com/detail/cve-2022-24073"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@navercorp.com",
              "ID": "CVE-2022-24073",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NAVER Whale browser",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.12.129.46"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NAVER"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Young Min Kim"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-648: Incorrect Use of Privileged APIs"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cve.naver.com/detail/cve-2022-24073",
                  "refsource": "CONFIRM",
                  "url": "https://cve.naver.com/detail/cve-2022-24073"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2022-24073",
        "datePublished": "2022-03-17T05:20:14.000Z",
        "dateReserved": "2022-01-27T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:59:23.677Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-24072 (GCVE-0-2022-24072)

    Vulnerability from nvd – Published: 2022-03-17 05:20 – Updated: 2024-08-03 03:59
    VLAI
    Summary
    The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool.
    Severity
    No CVSS data available.
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    URL Tags
    https://cve.naver.com/detail/cve-2022-24072 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    NAVER NAVER Whale browser Affected: unspecified , < 3.12.129.46 (custom)
    Create a notification for this product.
    Credits
    Young Min Kim
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:59:23.580Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cve.naver.com/detail/cve-2022-24072"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NAVER Whale browser",
              "vendor": "NAVER",
              "versions": [
                {
                  "lessThan": "3.12.129.46",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Young Min Kim"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269: Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-17T05:20:13.000Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cve.naver.com/detail/cve-2022-24072"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@navercorp.com",
              "ID": "CVE-2022-24072",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NAVER Whale browser",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.12.129.46"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NAVER"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Young Min Kim"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-269: Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cve.naver.com/detail/cve-2022-24072",
                  "refsource": "CONFIRM",
                  "url": "https://cve.naver.com/detail/cve-2022-24072"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2022-24072",
        "datePublished": "2022-03-17T05:20:13.000Z",
        "dateReserved": "2022-01-27T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:59:23.580Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-24071 (GCVE-0-2022-24071)

    Vulnerability from nvd – Published: 2022-01-28 10:04 – Updated: 2024-08-03 03:59
    VLAI
    Summary
    A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs.
    Severity
    No CVSS data available.
    CWE
    • CWE-648 - Incorrect Use of Privileged APIs
    Assigner
    References
    URL Tags
    https://cve.naver.com/detail/cve-2022-24071 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    NAVER NAVER Whale browser Affected: unspecified , < 3.12.129.46 (custom)
    Create a notification for this product.
    Credits
    Young Min Kim
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:59:23.786Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cve.naver.com/detail/cve-2022-24071"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NAVER Whale browser",
              "vendor": "NAVER",
              "versions": [
                {
                  "lessThan": "3.12.129.46",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Young Min Kim"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-648",
                  "description": "CWE-648: Incorrect Use of Privileged APIs",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-28T10:04:53.000Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cve.naver.com/detail/cve-2022-24071"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@navercorp.com",
              "ID": "CVE-2022-24071",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NAVER Whale browser",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.12.129.46"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NAVER"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Young Min Kim"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-648: Incorrect Use of Privileged APIs"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cve.naver.com/detail/cve-2022-24071",
                  "refsource": "CONFIRM",
                  "url": "https://cve.naver.com/detail/cve-2022-24071"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2022-24071",
        "datePublished": "2022-01-28T10:04:53.000Z",
        "dateReserved": "2022-01-27T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:59:23.786Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-69235 (GCVE-0-2025-69235)

    Vulnerability from cvelistv5 – Published: 2025-12-30 01:22 – Updated: 2025-12-31 17:15
    VLAI
    Summary
    Whale browser before 4.35.351.12 allows an attacker to bypass the Same-Origin Policy in a sidebar environment.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-346 - Origin Validation Error
    Assigner
    References
    Impacted products
    Vendor Product Version
    NAVER NAVER Whale browser Unaffected: 4.35.351.12
    Create a notification for this product.
    Credits
    Mingi Jung, wjdaslrl4475@unist.ac.kr, Ulsan National Institute of Science and Technology - WebSecLab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-69235",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-31T17:15:07.713227Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-31T17:15:35.598Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "NAVER Whale browser",
              "vendor": "NAVER",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.35.351.12"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mingi Jung, wjdaslrl4475@unist.ac.kr, Ulsan National Institute of Science and Technology - WebSecLab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Whale browser before 4.35.351.12 allows an attacker to bypass the Same-Origin Policy in a sidebar environment.\u003cbr\u003e"
                }
              ],
              "value": "Whale browser before 4.35.351.12 allows an attacker to bypass the Same-Origin Policy in a sidebar environment."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-346",
                  "description": "CWE-346 Origin Validation Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-30T01:22:57.770Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://cve.naver.com/detail/cve-2025-69235.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2025-69235",
        "datePublished": "2025-12-30T01:22:57.770Z",
        "dateReserved": "2025-12-30T01:03:13.520Z",
        "dateUpdated": "2025-12-31T17:15:35.598Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-69234 (GCVE-0-2025-69234)

    Vulnerability from cvelistv5 – Published: 2025-12-30 01:18 – Updated: 2025-12-31 17:17
    VLAI
    Summary
    Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-358 - Improperly Implemented Security Check for Standard
    Assigner
    References
    Impacted products
    Vendor Product Version
    NAVER NAVER Whale browser Unaffected: 4.35.351.12
    Create a notification for this product.
    Credits
    Mingi Jung, wjdaslrl4475@unist.ac.kr, Ulsan National Institute of Science and Technology - WebSecLab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-69234",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-31T17:16:08.447584Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-31T17:17:34.260Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows"
              ],
              "product": "NAVER Whale browser",
              "vendor": "NAVER",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.35.351.12"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mingi Jung, wjdaslrl4475@unist.ac.kr, Ulsan National Institute of Science and Technology - WebSecLab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment.\u003cbr\u003e"
                }
              ],
              "value": "Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-358",
                  "description": "CWE-358 Improperly Implemented Security Check for Standard",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-30T01:23:19.750Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://cve.naver.com/detail/cve-2025-69234.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2025-69234",
        "datePublished": "2025-12-30T01:18:05.718Z",
        "dateReserved": "2025-12-30T01:03:13.519Z",
        "dateUpdated": "2025-12-31T17:17:34.260Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-62585 (GCVE-0-2025-62585)

    Vulnerability from cvelistv5 – Published: 2025-10-16 06:52 – Updated: 2025-10-16 13:36
    VLAI
    Summary
    Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-358 - Improperly Implemented Security Check for Standard
    Assigner
    References
    Impacted products
    Vendor Product Version
    NAVER NAVER Whale browser Unaffected: 4.33.325.17
    Create a notification for this product.
    Credits
    Mingi Jung, mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology-Web Sec Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62585",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-16T13:35:56.425333Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-16T13:36:56.579Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "NAVER Whale browser",
              "vendor": "NAVER",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.33.325.17"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mingi Jung, mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology-Web Sec Lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-358",
                  "description": "CWE-358 Improperly Implemented Security Check for Standard",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-16T06:52:34.974Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "name": "NAVER Security Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://cve.naver.com/detail/cve-2025-62585.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2025-62585",
        "datePublished": "2025-10-16T06:52:34.974Z",
        "dateReserved": "2025-10-16T06:44:59.554Z",
        "dateUpdated": "2025-10-16T13:36:56.579Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-62584 (GCVE-0-2025-62584)

    Vulnerability from cvelistv5 – Published: 2025-10-16 06:52 – Updated: 2025-10-16 13:38
    VLAI
    Summary
    Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-346 - Origin Validation Error
    Assigner
    References
    Impacted products
    Vendor Product Version
    NAVER NAVER Whale browser Unaffected: 4.33.325.17
    Create a notification for this product.
    Credits
    Mingi Jung, mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology-Web Sec Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62584",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-16T13:38:19.251887Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-16T13:38:54.575Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "NAVER Whale browser",
              "vendor": "NAVER",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.33.325.17"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mingi Jung, mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology-Web Sec Lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-346",
                  "description": "CWE-346 Origin Validation Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-16T06:52:25.232Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "name": "NAVER Security Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://cve.naver.com/detail/cve-2025-62584.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2025-62584",
        "datePublished": "2025-10-16T06:52:25.232Z",
        "dateReserved": "2025-10-16T06:44:59.554Z",
        "dateUpdated": "2025-10-16T13:38:54.575Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-62583 (GCVE-0-2025-62583)

    Vulnerability from cvelistv5 – Published: 2025-10-16 06:52 – Updated: 2025-10-16 14:09
    VLAI
    Summary
    Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-358 - Improperly Implemented Security Check for Standard
    Assigner
    References
    Impacted products
    Vendor Product Version
    NAVER NAVER Whale browser Unaffected: 4.33.325.17
    Create a notification for this product.
    Credits
    Mingi Jung, mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology-Web Sec Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62583",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-16T13:58:39.555252Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-16T14:09:03.582Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "NAVER Whale browser",
              "vendor": "NAVER",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.33.325.17"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mingi Jung, mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology-Web Sec Lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-358",
                  "description": "CWE-358 Improperly Implemented Security Check for Standard",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-16T06:52:12.797Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "name": "NAVER Security Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://cve.naver.com/detail/cve-2025-62583.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2025-62583",
        "datePublished": "2025-10-16T06:52:12.797Z",
        "dateReserved": "2025-10-16T06:44:59.553Z",
        "dateUpdated": "2025-10-16T14:09:03.582Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-53600 (GCVE-0-2025-53600)

    Vulnerability from cvelistv5 – Published: 2025-07-04 07:20 – Updated: 2025-07-08 17:39
    VLAI
    Summary
    Whale browser before 4.32.315.22 allow an attacker to bypass the Same-Origin Policy in a dual-tab environment.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-346 - Origin Validation Error
    Assigner
    References
    Impacted products
    Vendor Product Version
    NAVER NAVER Whale browser Unaffected: 4.32.315.22
    Create a notification for this product.
    Credits
    Mingi Jung (UNIST WebSec), mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology Web Sec Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53600",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-07T19:46:16.025413Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-08T17:39:08.750Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "NAVER Whale browser",
              "vendor": "NAVER",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.32.315.22"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mingi Jung (UNIST WebSec), mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology Web Sec Lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Whale browser before 4.32.315.22 allow an attacker to bypass the Same-Origin Policy in a dual-tab environment."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-346",
                  "description": "CWE-346 Origin Validation Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-04T07:20:26.014Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "name": "NAVER Security Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://cve.naver.com/detail/cve-2025-53600.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2025-53600",
        "datePublished": "2025-07-04T07:20:26.014Z",
        "dateReserved": "2025-07-04T07:13:26.677Z",
        "dateUpdated": "2025-07-08T17:39:08.750Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-53599 (GCVE-0-2025-53599)

    Vulnerability from cvelistv5 – Published: 2025-07-04 07:20 – Updated: 2025-07-08 17:39
    VLAI
    Summary
    Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the browser via a crafted javascript scheme.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    NAVER NAVER Whale browser Unaffected: 3.9.1.4206
    Create a notification for this product.
    Credits
    un3xploitable
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53599",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-07T19:46:24.649720Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-08T17:39:15.377Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "iOS"
              ],
              "product": "NAVER Whale browser",
              "vendor": "NAVER",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "3.9.1.4206"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "un3xploitable"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the browser via a crafted javascript scheme."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-04T07:20:11.124Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "name": "NAVER Security Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://cve.naver.com/detail/cve-2025-53599.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2025-53599",
        "datePublished": "2025-07-04T07:20:11.124Z",
        "dateReserved": "2025-07-04T07:13:26.676Z",
        "dateUpdated": "2025-07-08T17:39:15.377Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-40618 (GCVE-0-2024-40618)

    Vulnerability from cvelistv5 – Published: 2024-07-11 01:24 – Updated: 2024-08-02 04:33
    VLAI
    Summary
    Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    NAVER NAVER Whale browser Unaffected: 3.26.244.21
    Create a notification for this product.
    naver whale_browser Affected: 0 , < 3.26.244.21 (custom)
        cpe:2.3:a:naver:whale_browser:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    James Dean (YSK)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:naver:whale_browser:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "whale_browser",
                "vendor": "naver",
                "versions": [
                  {
                    "lessThan": "3.26.244.21",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 9.6,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-40618",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-12T14:56:23.905753Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-12T14:56:51.466Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T04:33:11.796Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "NAVER Security Advisory",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://cve.naver.com/detail/cve-2024-40618.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "NAVER Whale browser",
              "vendor": "NAVER",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "3.26.244.21"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "James Dean (YSK)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-11T01:24:41.321Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "name": "NAVER Security Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://cve.naver.com/detail/cve-2024-40618.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2024-40618",
        "datePublished": "2024-07-11T01:24:41.321Z",
        "dateReserved": "2024-07-08T06:05:59.601Z",
        "dateUpdated": "2024-08-02T04:33:11.796Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25632 (GCVE-0-2023-25632)

    Vulnerability from cvelistv5 – Published: 2023-11-27 07:03 – Updated: 2024-10-11 17:58
    VLAI
    Summary
    The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via 'Open in Whale' feature.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    NAVER NAVER Whale browser Unaffected: 3.0.1.2
    Create a notification for this product.
    Credits
    Mohit Raj (shadow2639), sec4life@protonmail.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:25:19.289Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "NAVER Security Advisory",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cve.naver.com/detail/cve-2023-25632.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25632",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-11T17:51:37.401604Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-11T17:58:24.336Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Android"
              ],
              "product": "NAVER Whale browser",
              "vendor": "NAVER",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "3.0.1.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mohit Raj (shadow2639), sec4life@protonmail.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via \u0027Open in Whale\u0027 feature."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-359",
                  "description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-06T02:36:55.395Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "name": "NAVER Security Advisory",
              "url": "https://cve.naver.com/detail/cve-2023-25632.html"
            }
          ],
          "source": {
            "advisory": "NIST",
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2023-25632",
        "datePublished": "2023-11-27T07:03:12.145Z",
        "dateReserved": "2023-02-09T15:55:25.113Z",
        "dateUpdated": "2024-10-11T17:58:24.336Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-9754 (GCVE-0-2020-9754)

    Vulnerability from cvelistv5 – Published: 2022-06-27 01:40 – Updated: 2024-08-04 10:43
    VLAI
    Summary
    NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode.
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    NAVER NAVER Whale browser Affected: unspecified , < 1.10.6.2 (custom)
    Create a notification for this product.
    Credits
    Jaeyong Bae(jdragon.bae@gmail.com)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:43:04.600Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cve.naver.com/detail/cve-2020-9754.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NAVER Whale browser",
              "vendor": "NAVER",
              "versions": [
                {
                  "lessThan": "1.10.6.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Jaeyong Bae(jdragon.bae@gmail.com)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-27T01:40:09.000Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cve.naver.com/detail/cve-2020-9754.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@navercorp.com",
              "ID": "CVE-2020-9754",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NAVER Whale browser",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.10.6.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NAVER"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Jaeyong Bae(jdragon.bae@gmail.com)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284: Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cve.naver.com/detail/cve-2020-9754.html",
                  "refsource": "CONFIRM",
                  "url": "https://cve.naver.com/detail/cve-2020-9754.html"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2020-9754",
        "datePublished": "2022-06-27T01:40:09.000Z",
        "dateReserved": "2020-03-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:43:04.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-24075 (GCVE-0-2022-24075)

    Vulnerability from cvelistv5 – Published: 2022-03-17 05:20 – Updated: 2024-08-03 03:59
    VLAI
    Summary
    Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.
    Severity
    No CVSS data available.
    CWE
    • CWE-552 - Files or Directories Accessible to External Parties
    Assigner
    References
    URL Tags
    https://cve.naver.com/detail/cve-2022-24075 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    NAVER NAVER Whale browser Affected: unspecified , < 3.12.129.46 (custom)
    Create a notification for this product.
    Credits
    Young Min Kim
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:59:23.602Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cve.naver.com/detail/cve-2022-24075"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NAVER Whale browser",
              "vendor": "NAVER",
              "versions": [
                {
                  "lessThan": "3.12.129.46",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Young Min Kim"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-552",
                  "description": "CWE-552: Files or Directories Accessible to External Parties",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-17T05:20:17.000Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cve.naver.com/detail/cve-2022-24075"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@navercorp.com",
              "ID": "CVE-2022-24075",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NAVER Whale browser",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.12.129.46"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NAVER"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Young Min Kim"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-552: Files or Directories Accessible to External Parties"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cve.naver.com/detail/cve-2022-24075",
                  "refsource": "CONFIRM",
                  "url": "https://cve.naver.com/detail/cve-2022-24075"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2022-24075",
        "datePublished": "2022-03-17T05:20:17.000Z",
        "dateReserved": "2022-01-27T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:59:23.602Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-24074 (GCVE-0-2022-24074)

    Vulnerability from cvelistv5 – Published: 2022-03-17 05:20 – Updated: 2024-08-03 03:59
    VLAI
    Summary
    Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises.
    Severity
    No CVSS data available.
    CWE
    • CWE-668 - Exposure of Resource to Wrong Sphere
    Assigner
    References
    URL Tags
    https://cve.naver.com/detail/cve-2022-24074 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    NAVER NAVER Whale browser Affected: unspecified , < 3.12.129.46 (custom)
    Create a notification for this product.
    Credits
    Young Min Kim
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:59:23.649Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cve.naver.com/detail/cve-2022-24074"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NAVER Whale browser",
              "vendor": "NAVER",
              "versions": [
                {
                  "lessThan": "3.12.129.46",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Young Min Kim"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-668",
                  "description": "CWE-668: Exposure of Resource to Wrong Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-17T05:20:16.000Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cve.naver.com/detail/cve-2022-24074"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@navercorp.com",
              "ID": "CVE-2022-24074",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NAVER Whale browser",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.12.129.46"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NAVER"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Young Min Kim"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-668: Exposure of Resource to Wrong Sphere"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cve.naver.com/detail/cve-2022-24074",
                  "refsource": "CONFIRM",
                  "url": "https://cve.naver.com/detail/cve-2022-24074"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2022-24074",
        "datePublished": "2022-03-17T05:20:16.000Z",
        "dateReserved": "2022-01-27T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:59:23.649Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-24073 (GCVE-0-2022-24073)

    Vulnerability from cvelistv5 – Published: 2022-03-17 05:20 – Updated: 2024-08-03 03:59
    VLAI
    Summary
    The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store.
    Severity
    No CVSS data available.
    CWE
    • CWE-648 - Incorrect Use of Privileged APIs
    Assigner
    References
    URL Tags
    https://cve.naver.com/detail/cve-2022-24073 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    NAVER NAVER Whale browser Affected: unspecified , < 3.12.129.46 (custom)
    Create a notification for this product.
    Credits
    Young Min Kim
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:59:23.677Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cve.naver.com/detail/cve-2022-24073"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NAVER Whale browser",
              "vendor": "NAVER",
              "versions": [
                {
                  "lessThan": "3.12.129.46",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Young Min Kim"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-648",
                  "description": "CWE-648: Incorrect Use of Privileged APIs",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-17T05:20:14.000Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cve.naver.com/detail/cve-2022-24073"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@navercorp.com",
              "ID": "CVE-2022-24073",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NAVER Whale browser",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.12.129.46"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NAVER"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Young Min Kim"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-648: Incorrect Use of Privileged APIs"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cve.naver.com/detail/cve-2022-24073",
                  "refsource": "CONFIRM",
                  "url": "https://cve.naver.com/detail/cve-2022-24073"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2022-24073",
        "datePublished": "2022-03-17T05:20:14.000Z",
        "dateReserved": "2022-01-27T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:59:23.677Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-24072 (GCVE-0-2022-24072)

    Vulnerability from cvelistv5 – Published: 2022-03-17 05:20 – Updated: 2024-08-03 03:59
    VLAI
    Summary
    The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool.
    Severity
    No CVSS data available.
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    URL Tags
    https://cve.naver.com/detail/cve-2022-24072 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    NAVER NAVER Whale browser Affected: unspecified , < 3.12.129.46 (custom)
    Create a notification for this product.
    Credits
    Young Min Kim
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:59:23.580Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cve.naver.com/detail/cve-2022-24072"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NAVER Whale browser",
              "vendor": "NAVER",
              "versions": [
                {
                  "lessThan": "3.12.129.46",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Young Min Kim"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269: Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-17T05:20:13.000Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cve.naver.com/detail/cve-2022-24072"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@navercorp.com",
              "ID": "CVE-2022-24072",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NAVER Whale browser",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.12.129.46"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NAVER"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Young Min Kim"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-269: Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cve.naver.com/detail/cve-2022-24072",
                  "refsource": "CONFIRM",
                  "url": "https://cve.naver.com/detail/cve-2022-24072"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2022-24072",
        "datePublished": "2022-03-17T05:20:13.000Z",
        "dateReserved": "2022-01-27T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:59:23.580Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-24071 (GCVE-0-2022-24071)

    Vulnerability from cvelistv5 – Published: 2022-01-28 10:04 – Updated: 2024-08-03 03:59
    VLAI
    Summary
    A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs.
    Severity
    No CVSS data available.
    CWE
    • CWE-648 - Incorrect Use of Privileged APIs
    Assigner
    References
    URL Tags
    https://cve.naver.com/detail/cve-2022-24071 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    NAVER NAVER Whale browser Affected: unspecified , < 3.12.129.46 (custom)
    Create a notification for this product.
    Credits
    Young Min Kim
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:59:23.786Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cve.naver.com/detail/cve-2022-24071"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NAVER Whale browser",
              "vendor": "NAVER",
              "versions": [
                {
                  "lessThan": "3.12.129.46",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Young Min Kim"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-648",
                  "description": "CWE-648: Incorrect Use of Privileged APIs",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-28T10:04:53.000Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cve.naver.com/detail/cve-2022-24071"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@navercorp.com",
              "ID": "CVE-2022-24071",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NAVER Whale browser",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.12.129.46"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NAVER"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Young Min Kim"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-648: Incorrect Use of Privileged APIs"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cve.naver.com/detail/cve-2022-24071",
                  "refsource": "CONFIRM",
                  "url": "https://cve.naver.com/detail/cve-2022-24071"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2022-24071",
        "datePublished": "2022-01-28T10:04:53.000Z",
        "dateReserved": "2022-01-27T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:59:23.786Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }