CRITICAL🇵🇱 Wersja polska

CVE-2025-62583

CVSS 9.8v3.1pub. 2025-10-16upd. 2025-10-21

Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment.

🤖 AI Analysis
How it works

The error classified as CWE-358 (Improperly Implemented Security Check for Standard) consists of improper implementation of the sandbox isolation mechanism for the iframe element in the context of the dual-tab environment of the Whale browser. An attacker can prepare appropriate conditions in an environment with two tabs, which cause the restrictions imposed by the iframe sandbox to not be properly enforced. As a result, code executed inside the isolated frame can escape its boundaries.

Impact

Successful exploitation of the vulnerability allows an attacker to bypass iframe sandbox isolation mechanisms, which may result in unauthorized access to browser resources, data from other tabs, or execution of unintended code outside the sandbox environment.

Mitigation & patch

The Whale Browser should be updated as soon as possible to version 4.33.325.17 or newer, in which the vulnerability has been fixed. Detailed information is available in the vendor's references at https://cve.naver.com/detail/cve-2025-62583.html

Who is affected

Navercorp Whale Browser in versions prior to 4.33.325.17

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Navercorp Whale

    APP
    Navercorp
    < 4.33.325.17
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-69234CRITICAL9.1PL ✓ten sam produkt

Whale Browser — ucieczka z iframe sandbox w środowisku sidebar

CVE-2025-53599CRITICAL9.8PL ✓ten sam produkt

XSS w Whale Browser dla iOS — wykonanie złośliwych skryptów przez schemat javascript

CVE-2022-24074CRITICAL9.8ten sam produkt

Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage requ...

CVE-2025-69235HIGH7.5ten sam produkt

Whale browser before 4.35.351.12 allows an attacker to bypass the Same-Origin Policy in a sidebar environment.

CVE-2025-62585HIGH7.5ten sam produkt

Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific schem...