Whale Browser CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-53600	1 Naver	1 Whale Browser	2025-07-13	7.5 High
Whale browser before 4.32.315.22 allow an attacker to bypass the Same-Origin Policy in a dual-tab environment.
CVE-2024-50583	1 Naver	1 Whale Browser Installer	2025-07-13	6.3 Medium
Whale browser Installer before 3.1.0.0 allows an attacker to execute a malicious DLL in the user environment due to improper permission settings.
CVE-2025-53599	1 Naver	1 Whale Browser	2025-07-12	9.8 Critical
Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the browser via a crafted javascript scheme.
CVE-2024-40618	1 Naver	1 Whale Browser	2024-11-21	9.6 Critical
Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension.
CVE-2023-25632	1 Naver	1 Whale Browser	2024-11-21	5.5 Medium
The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via 'Open in Whale' feature.
CVE-2020-9753	1 Naver	1 Whale Browser Installer	2024-11-21	9.1 Critical
Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer.

Page 1 of 1.