Skip to main content

Whale CVE-2025-53600

| EUVDEUVD-2025-19933 HIGH
Origin Validation Error (CWE-346)
2025-07-04 cve@navercorp.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 16, 2026 - 02:42 euvd
EUVD-2025-19933
Analysis Generated
Mar 16, 2026 - 02:42 vuln.today
CVE Published
Jul 04, 2025 - 08:15 nvd
HIGH 7.5

DescriptionCVE.org

Whale browser before 4.32.315.22 allow an attacker to bypass the Same-Origin Policy in a dual-tab environment.

Analysis

Whale browser before 4.32.315.22 allow an attacker to bypass the Same-Origin Policy in a dual-tab environment.

Technical ContextAI

This vulnerability is classified as Origin Validation Error (CWE-346).

RemediationAI

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

More in Whale

View all
CVE-2025-53599 CRITICAL
9.8 Jul 04

Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the browser via a crafted java

CVE-2022-24074 CRITICAL
9.8 Mar 17

Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from t

CVE-2018-9859 HIGH
8.1 Jun 16

The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. Rated high severity (CVSS 8.1), this vulne

CVE-2018-12449 HIGH
7.8 Oct 11

The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking. Rated high severity (CVSS 7.8), this vuln

CVE-2022-24073 HIGH
7.1 Mar 17

The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any

CVE-2022-24075 MEDIUM
6.5 Mar 17

Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could ac

CVE-2022-24072 MEDIUM
6.1 Mar 17

The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into th

CVE-2021-33593 MEDIUM
5.3 Nov 02

Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the ad

CVE-2018-12448 MEDIUM
5.3 Aug 02

Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar wh

CVE-2018-7635 MEDIUM
5.3 Jul 03

Whale Browser before 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar wh

Share

CVE-2025-53600 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy