CVE-2022-24074

9.8 CRITICAL

📋 TL;DR

CVE-2022-24074 is a critical vulnerability in Whale Browser's default Whale Bridge extension that allows compromised rendering processes to send arbitrary messages and gain control of the extension. This affects all Whale Browser users running versions before 3.12.129.18. The vulnerability enables privilege escalation from content scripts to extension control.

💻 Affected Systems

Products:
  • Whale Browser
Versions: All versions before 3.12.129.18
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Whale Bridge is a default extension that cannot be disabled or removed by users.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete browser compromise allowing attackers to execute arbitrary code, steal sensitive data, install malware, and perform actions with the user's privileges.

🟠 Likely Case

Attackers exploiting malicious websites could gain control of the Whale Bridge extension to intercept communications, modify browser behavior, and access sensitive information.

🟢 If Mitigated

With proper browser sandboxing and extension isolation, impact would be limited to the compromised tab's context.

🌐 Internet-Facing: HIGH - Attackers can exploit via malicious websites visited by users.
🏢 Internal Only: LOW - Requires user interaction with malicious content, not directly exploitable from internal network alone.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the user to visit a malicious website, but no authentication is needed once the user interacts with the content.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.12.129.18 and later

Vendor Advisory: https://cve.naver.com/detail/cve-2022-24074

Restart Required: Yes

Instructions:

1. Open Whale Browser.
2. Click menu → About Whale.
3. The browser will auto-update if it is not at the latest version.
4. Restart the browser when prompted.

🔧 Temporary Workarounds

Disable Whale Bridge via Enterprise Policy (all platforms)

Enterprise administrators can disable the vulnerable extension via group policy.

Configure the ExtensionInstallBlocklist policy to include the Whale Bridge extension ID.

🧯 If You Can't Patch

  • Restrict users from browsing untrusted websites using web filtering or proxy controls.
  • Implement application whitelisting to prevent execution of malicious payloads that might result from exploitation.

🔍 How to Verify

Check if Vulnerable:

Check the Whale Browser version: Menu → About Whale. If the version is below 3.12.129.18, the system is vulnerable. Compare version components numerically, not as strings (3.9.x is older than 3.12.x).

Check Version:

On Windows: open whale://version/ or check the About Whale dialog.

Verify Fix Applied:

Confirm the version is 3.12.129.18 or higher in the About Whale dialog.
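The version check above, applied to a fleet inventory. This is an added example, not code from the advisory or from the Whale project; the hostnames and versions in SAMPLE_INVENTORY are constructed, and it assumes you already have each host's About Whale version string from your endpoint inventory.

```python
"""Flag hosts whose Whale Browser build predates the CVE-2022-24074 fix."""
from typing import Dict, List, Tuple

# Fixed build named in the advisory: 3.12.129.18 and later are patched.
FIXED_VERSION = "3.12.129.18"

# Constructed sample inventory (hostname -> version reported by About Whale).
SAMPLE_INVENTORY: Dict[str, str] = {
    "ws-01": "3.12.129.17",  # one build short of the fix
    "ws-02": "3.12.129.18",  # exactly the fixed build
    "ws-03": "3.9.45.2",     # old build; a string compare would miss it
    "ws-04": "unknown",      # inventory failed to read the version
    "ws-05": "3.13.0.0",     # newer major/minor
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted version string into a tuple of ints.

    Comparing raw strings is wrong ("3.9.0.0" > "3.12.129.18" lexically),
    so each component is compared numerically. Missing trailing
    components are treated as 0, so "3.12.129" becomes (3, 12, 129, 0).
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    nums = [int(p) for p in parts]
    nums += [0] * (4 - len(nums))
    return tuple(nums)


def is_vulnerable(version: str) -> bool:
    """True when the build is below the fixed version."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def vulnerable_hosts(inventory: Dict[str, str]) -> List[str]:
    """Return hostnames running an unpatched build, sorted.

    Hosts whose version cannot be parsed are reported too: an unknown
    build must be treated as unpatched until someone checks it by hand.
    """
    flagged = []
    for host, version in inventory.items():
        try:
            if is_vulnerable(version):
                flagged.append(host)
        except ValueError:
            flagged.append(host)
    return sorted(flagged)


if __name__ == "__main__":
    for host in vulnerable_hosts(SAMPLE_INVENTORY):
        print(f"{host}: update Whale Browser to {FIXED_VERSION} or later")
```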

📡 Detection & Monitoring

Log Indicators:

  • Unusual extension message activity
  • Suspicious content script to extension communication

Network Indicators:

  • Connections to known malicious domains that could host exploit code

SIEM Query:

Browser logs showing Whale Bridge extension receiving messages from untrusted content scripts
