CVE-2022-24074

Published: Mar 17, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises.

Affected (1)

Products: Navercorp: Whale

Navercorp

1 product

Whale

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Navercorp Whale	Before 3.12.129.18

Related CWEs

CWE-668

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (2)

https://cve.naver.com/detail/cve-2022-24074

Source: cve@navercorp.com

Vendor Advisory

https://cve.naver.com/detail/cve-2022-24074

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.