PT-2022-16454 · Unknown · Whale Browser

Young Min Kim · Published 2022-03-17 · Updated 2022-03-23 · CVE-2022-24075

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Whale browser versions prior to 3.12.129.18

Description

The issue allows extensions to replace the JavaScript files of the HWP viewer website, a site that could access local HWP files. When HWP files are opened, the replaced script can read them.

Recommendations

For versions prior to 3.12.129.18, update to version 3.12.129.18 or later to resolve the issue. As a temporary workaround, consider disabling extensions that can replace JavaScript files of the HWP viewer website until a patch is applied. Restrict access to local HWP files when using the HWP viewer website in the Whale browser to minimize the risk of exploitation.

Fix

Files Accessible to External Parties

Weakness Enumeration

Related Identifiers

CVE-2022-24075

Affected Products

Whale Browser