CVE-2022-24072

2022-03-1705:20:13

CWE-269

naver

www.cve.org

whale browser

devtools api

vulnerability

extension store

javascript

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

31.3%

JSON

The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool.

CNA Affected

[
  {
    "product": "NAVER Whale browser",
    "vendor": "NAVER",
    "versions": [
      {
        "lessThan": "3.12.129.46",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

cve.naver.com/detail/cve-2022-24072