GCVE - cpe:2.3:a:naver:naver_whale_browser:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:naver:naver_whale_browser:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Naver (`2e3d4894-d5bf-53f1-9aff-80b030ad77c4`)
Product	Naver Whale Browser (`fd6850dd-330d-5383-b02b-ddf2b2f86ff5`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-69235`	not_vulnerable	2026-06-03 15:11:04.767223	Details available Whale browser before 4.35.351.12 allows an attacker to bypass the Same-Origin Policy in a sidebar environment. Published: 2025-12-30T01:22:57.770Z Updated: 2025-12-31T17:15:35.598Z Open on db.gcve.eu Reference links https://cve.naver.com/detail/cve-2025-69235.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-69234`	not_vulnerable	2026-06-03 15:11:04.765580	Details available Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment. Published: 2025-12-30T01:18:05.718Z Updated: 2025-12-31T17:17:34.260Z Open on db.gcve.eu Reference links https://cve.naver.com/detail/cve-2025-69234.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-62585`	not_vulnerable	2026-06-03 15:07:59.160641	Details available Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment. Published: 2025-10-16T06:52:34.974Z Updated: 2025-10-16T13:36:56.579Z Open on db.gcve.eu Reference links https://cve.naver.com/detail/cve-2025-62585.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-62584`	not_vulnerable	2026-06-03 15:07:59.160366	Details available Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment. Published: 2025-10-16T06:52:25.232Z Updated: 2025-10-16T13:38:54.575Z Open on db.gcve.eu Reference links https://cve.naver.com/detail/cve-2025-62584.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-62583`	not_vulnerable	2026-06-03 15:07:59.159018	Details available Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment. Published: 2025-10-16T06:52:12.797Z Updated: 2025-10-16T14:09:03.582Z Open on db.gcve.eu Reference links https://cve.naver.com/detail/cve-2025-62583.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-53600`	not_vulnerable	2026-06-03 15:03:54.371223	Details available Whale browser before 4.32.315.22 allow an attacker to bypass the Same-Origin Policy in a dual-tab environment. Published: 2025-07-04T07:20:26.014Z Updated: 2025-07-08T17:39:08.750Z Open on db.gcve.eu Reference links https://cve.naver.com/detail/cve-2025-53600.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-53599`	not_vulnerable	2026-06-03 15:03:54.369805	Details available Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the browser via a crafted javascript scheme. Published: 2025-07-04T07:20:11.124Z Updated: 2025-07-08T17:39:15.377Z Open on db.gcve.eu Reference links https://cve.naver.com/detail/cve-2025-53599.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-40618`	not_vulnerable	2026-06-03 14:56:33.169567	Details available Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension. Published: 2024-07-11T01:24:41.321Z Updated: 2024-08-02T04:33:11.796Z Open on db.gcve.eu Reference links https://cve.naver.com/detail/cve-2024-40618.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-25632`	not_vulnerable	2026-06-03 14:49:33.182418	Details available The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via 'Open in Whale' feature. Published: 2023-11-27T07:03:12.145Z Updated: 2024-10-11T17:58:24.336Z Open on db.gcve.eu Reference links https://cve.naver.com/detail/cve-2023-25632.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-24075`	vulnerable	2026-06-03 14:46:29.302916	Details available Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files. Published: 2022-03-17T05:20:17.000Z Updated: 2024-08-03T03:59:23.602Z Open on db.gcve.eu Reference links https://cve.naver.com/detail/cve-2022-24075	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-24074`	vulnerable	2026-06-03 14:46:29.302622	Details available Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises. Published: 2022-03-17T05:20:16.000Z Updated: 2024-08-03T03:59:23.649Z Open on db.gcve.eu Reference links https://cve.naver.com/detail/cve-2022-24074	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-24073`	vulnerable	2026-06-03 14:46:29.302306	Details available The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store. Published: 2022-03-17T05:20:14.000Z Updated: 2024-08-03T03:59:23.677Z Open on db.gcve.eu Reference links https://cve.naver.com/detail/cve-2022-24073	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-24072`	vulnerable	2026-06-03 14:46:29.301071	Details available The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool. Published: 2022-03-17T05:20:13.000Z Updated: 2024-08-03T03:59:23.580Z Open on db.gcve.eu Reference links https://cve.naver.com/detail/cve-2022-24072	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-24071`	vulnerable	2026-06-03 14:46:29.300082	Details available A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs. Published: 2022-01-28T10:04:53.000Z Updated: 2024-08-03T03:59:23.786Z Open on db.gcve.eu Reference links https://cve.naver.com/detail/cve-2022-24071	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-33593`	vulnerable	2026-06-03 14:44:43.649874	Details available Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar spoofing. Published: 2021-11-02T06:20:09.000Z Updated: 2024-08-03T23:50:43.208Z Open on db.gcve.eu Reference links https://cve.naver.com/detail/cve-2021-43059	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-9754`	vulnerable	2026-06-03 14:43:19.670510	Details available NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode. Published: 2022-06-27T01:40:09.000Z Updated: 2024-08-04T10:43:04.600Z Open on db.gcve.eu Reference links https://cve.naver.com/detail/cve-2020-9754.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.