navercorp CVE Vulnerabilities & Metrics

Focus on navercorp vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About navercorp Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with navercorp. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total navercorp CVEs: 12
Earliest CVE date: 08 Jan 2018, 03:29 UTC
Latest CVE date: 27 Jun 2022, 02:15 UTC

Latest CVE reference: CVE-2020-9754

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical navercorp CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 5.41

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	0
4.0-6.9	11
7.0-8.9	1
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS navercorp CVEs

These are the five CVEs with the highest CVSS scores for navercorp, sorted by severity first and recency.

CVE-2022-24074 navercorp Published on 17 Mar 2022, 06:15 UTC (CVSS: 7.5)
Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises.
CVE-2018-12449 navercorp Published on 11 Oct 2018, 13:29 UTC (CVSS: 6.8)
The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking.
CVE-2017-15913 navercorp Published on 08 Jan 2018, 03:29 UTC (CVSS: 6.8)
The Installer in Whale allows DLL hijacking.
CVE-2022-24073 navercorp Published on 17 Mar 2022, 06:15 UTC (CVSS: 5.8)
The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store.
CVE-2018-9859 navercorp Published on 16 Jun 2018, 01:29 UTC (CVSS: 5.1)
The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can be used for persistent privilege escalation if it's available to create an executable file with System privilege by other vulnerable applications.

All CVEs for navercorp

CVE-2020-9754 navercorp vulnerability CVSS: 5.0 27 Jun 2022, 02:15 UTC

NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode.

CVE-2022-24075 navercorp vulnerability CVSS: 4.3 17 Mar 2022, 06:15 UTC

Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.

CVE-2022-24074 navercorp vulnerability CVSS: 7.5 17 Mar 2022, 06:15 UTC

Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises.

CVE-2022-24073 navercorp vulnerability CVSS: 5.8 17 Mar 2022, 06:15 UTC

The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store.

CVE-2022-24072 navercorp vulnerability CVSS: 4.3 17 Mar 2022, 06:15 UTC

The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool.

CVE-2022-24071 navercorp vulnerability CVSS: 4.3 28 Jan 2022, 11:15 UTC

A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs.

CVE-2021-33593 navercorp vulnerability CVSS: 5.0 02 Nov 2021, 07:15 UTC

Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar spoofing.

CVE-2018-12449 navercorp vulnerability CVSS: 6.8 11 Oct 2018, 13:29 UTC

The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking.

CVE-2018-12448 navercorp vulnerability CVSS: 5.0 02 Aug 2018, 13:29 UTC

Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name.

CVE-2018-7635 navercorp vulnerability CVSS: 5.0 03 Jul 2018, 15:29 UTC

Whale Browser before 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar when visiting a blank page, which allows an attacker to display a malicious web page with a fake domain name.

CVE-2018-9859 navercorp vulnerability CVSS: 5.1 16 Jun 2018, 01:29 UTC

The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can be used for persistent privilege escalation if it's available to create an executable file with System privilege by other vulnerable applications.

CVE-2017-15913 navercorp vulnerability CVSS: 6.8 08 Jan 2018, 03:29 UTC

The Installer in Whale allows DLL hijacking.