Incorrect Use of Privileged APIs

CVE-2022-24073

High

7.1/10

Summary

The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: LOW

CWE-648 - Incorrect Use of Privileged APIs

The application does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.

References

Advisory Timeline

Published Mar 17, 2022

Incorrect Use of Privileged APIs

CVE-2022-24073

Summary

CWE-648 - Incorrect Use of Privileged APIs

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS