CVE-2022-24074

CRITICAL

Whale Browser <3.12.129.18 - RCE

Title source: llm

Description

Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises.

References (1)

[Vendor Advisory] https://cve.naver.com/detail/cve-2022-24074

Scores

CVSS v3 9.8

EPSS 0.0050

EPSS Percentile 65.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-668

Status published

Affected Products (1)

navercorp/whale < 3.12.129.18

Timeline

Published Mar 17, 2022

Tracked Since Feb 18, 2026