Whale Browser Vulnerability: Local File Access via JavaScript Replacement in HWP Viewer

CVE-2022-24075 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.

Learn more about our Web App Pen Testing.