Home

Description

Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment.

PUBLISHED Reserved 2025-10-16 | Published 2025-10-16 | Updated 2025-10-16 | Assigner naver

Problem types

CWE-358 Improperly Implemented Security Check for Standard

Product status

Default status
affected

4.33.325.17
unaffected

Credits

Mingi Jung, mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology-Web Sec Lab finder

References

cve.naver.com/detail/cve-2025-62585.html (NAVER Security Advisory) vendor-advisory

cve.org (CVE-2025-62585)

nvd.nist.gov (CVE-2025-62585)

Download JSON