Whale browser Installer

CVEs (9)

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2024-40618	Naver Whale browser Installer	Cri	0.62	9.6	Jul 11, 2024	Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension.
CVE-2024-50583	Naver Whale browser Installer	Med	0.41	6.3	Oct 25, 2024	Whale browser Installer before 3.1.0.0 allows an attacker to execute a malicious DLL in the user environment due to improper permission settings.
CVE-2020-9754	Naver Whale browser Installer		0.00	—	Jun 27, 2022	NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode.
CVE-2022-24071	Naver Whale browser Installer		0.00	—	Jan 28, 2022	A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs.
CVE-2021-33593	Naver Whale browser Installer		0.00	—	Nov 2, 2021	Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar spoofing.
CVE-2020-9753	Naver Whale browser Installer		0.00	—	May 20, 2020	Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer.
CVE-2018-12449	Naver Whale browser Installer		0.00	—	Oct 11, 2018	The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking.
CVE-2018-12448	Naver Whale browser Installer		0.00	—	Aug 2, 2018	Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name.
CVE-2018-7635	Naver Whale browser Installer		0.00	—	Jul 3, 2018	Whale Browser before 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar when visiting a blank page, which allows an attacker to display a malicious web page with a fake domain name.

CVE-2024-40618CriJul 11, 2024
Naver
Whale browser Installer
risk 0.62cvss 9.6epss 0.00
Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension.
CVE-2024-50583MedOct 25, 2024
Naver
Whale browser Installer
risk 0.41cvss 6.3epss 0.00
Whale browser Installer before 3.1.0.0 allows an attacker to execute a malicious DLL in the user environment due to improper permission settings.
CVE-2020-9754Jun 27, 2022
Naver
Whale browser Installer
risk 0.00cvss —epss 0.00
NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode.
CVE-2022-24071Jan 28, 2022
Naver
Whale browser Installer
risk 0.00cvss —epss 0.00
A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs.
CVE-2021-33593Nov 2, 2021
Naver
Whale browser Installer
risk 0.00cvss —epss 0.00
Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar spoofing.
CVE-2020-9753May 20, 2020
Naver
Whale browser Installer
risk 0.00cvss —epss 0.00
Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer.
CVE-2018-12449Oct 11, 2018
Naver
Whale browser Installer
risk 0.00cvss —epss 0.00
The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking.
CVE-2018-12448Aug 2, 2018
Naver
Whale browser Installer
risk 0.00cvss —epss 0.00
Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name.
CVE-2018-7635Jul 3, 2018
Naver
Whale browser Installer
risk 0.00cvss —epss 0.00
Whale Browser before 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar when visiting a blank page, which allows an attacker to display a malicious web page with a fake domain name.