Every CVE whose affected-product data names Navercorp Whale, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2022-24074 — CVSS 9.8 (critical): Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script…
CVE-2025-53599 — CVSS 9.8 (critical): Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the browser via a crafted javascript scheme.
CVE-2025-62583 — CVSS 9.8 (critical): Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment.
CVE-2025-69234 — CVSS 9.1 (critical): Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment.
CVE-2018-9859 — CVSS 8.1 (high): The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can be used for persistent privilege…
CVE-2025-69235 — CVSS 7.5 (high): Whale browser before 4.35.351.12 allows an attacker to bypass the Same-Origin Policy in a sidebar environment.
CVE-2025-53600 — CVSS 7.5 (high): Whale browser before 4.32.315.22 allow an attacker to bypass the Same-Origin Policy in a dual-tab environment.
CVE-2025-62584 — CVSS 7.5 (high): Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment.
CVE-2025-62585 — CVSS 7.5 (high): Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment.
CVE-2022-24073 — CVSS 7.1 (high): The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users…
CVE-2022-24075 — CVSS 6.5 (medium): Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP…
CVE-2022-24072 — CVSS 6.1 (medium): The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store…
CVE-2020-9754 — CVSS 5.3 (medium): NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode.
CVE-2018-7635 — CVSS 5.3 (medium): Whale Browser before 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar when visiting a blank…
CVE-2021-33593 — CVSS 5.3 (medium): Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may…
CVE-2018-12448 — CVSS 5.3 (medium): Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a…
CVE-2022-24071 — CVSS 4.3 (medium): A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to…