Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HNavercorp Whale
APPNavercorp< 3.12.129.18
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2025-69234CRITICAL9.1PL ✓ten sam produkt
Whale Browser — ucieczka z iframe sandbox w środowisku sidebar
CVE-2025-62583CRITICAL9.8PL ✓ten sam produkt
Whale Browser: ucieczka z iframe sandbox w środowisku dual-tab
CVE-2025-53599CRITICAL9.8PL ✓ten sam produkt
XSS w Whale Browser dla iOS — wykonanie złośliwych skryptów przez schemat javascript
CVE-2025-69235HIGH7.5ten sam produkt
Whale browser before 4.35.351.12 allows an attacker to bypass the Same-Origin Policy in a sidebar environment.
CVE-2025-62584HIGH7.5ten sam produkt
Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment...