cvedb.io
CVE-2022-24072
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2022-03-17T06:15:06.627 · Last modified 2026-06-17T04:31:15.277

Summary

The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool.

Affected products

navercorp — whale

Does this affect you?

Add your gear to cvedb and we'll alert you only when navercorp ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.