CVE-2022-24074
CRITICALWhale < 3.12.129.18 - Exposure of Resource to Wrong Sphere via Whale Bridge SendMessage
Title source: llmDescription
Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://cve.naver.com/detail/cve-2022-24074
Scores
CVSS v3
9.8
EPSS
0.0101
EPSS Percentile
58.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-668
Status
published
Products (1)
navercorp/whale
< 3.12.129.18
Published
Mar 17, 2022
Tracked Since
Feb 18, 2026