CVE-2022-24075: 
Homebrew vulnerability analysis and mitigation

Whale browser before version 3.12.129.18 contained a vulnerability that allowed browser extensions to replace JavaScript files of the HWP viewer website. This vulnerability was assigned CVE-2022-24075 and was disclosed on March 17, 2022. The vulnerability affected NAVER's Whale browser and specifically impacted its handling of HWP files through the browser's viewer functionality (NAVER Advisory).

The vulnerability has a CVSS v3 Base Score of 6.5 (Medium severity). The attack vector is Network-based, with low attack complexity and requires no privileges, though user interaction is necessary. The vulnerability could lead to high confidentiality impact, while integrity and availability impacts are none (AttackerKB).

When exploited, the vulnerability allowed malicious extensions to replace JavaScript files of the HWP viewer website, which could then access local HWP files. When users opened HWP files, the replaced script could read the contents of these files, potentially exposing sensitive information stored in local HWP documents (NAVER Advisory).

The vulnerability was patched in Whale browser version 3.12.129.18. Users should upgrade to this version or later to mitigate the risk (NAVER Advisory).