Whale Bridge Extension Vulnerability: Remote Control Exploit

Whale Bridge Extension Vulnerability: Remote Control Exploit

CVE-2022-24074 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises.

Learn more about our Web Application Penetration Testing UK.