Lucene search

68 matches found

Prion
added 2022/01/28 11:15 a.m., 16 views

Design/Logic Flaw

A built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs...

CVSS 4.3, AI score 4.6, EPSS 0.00651
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2022/01/28 10:4 a.m., 65 views

CVE-2022-24071

CVE-2022-24071 affects Whale browser prior to 3.12.129.46. A built-in extension vulnerability can compromise the rendering process, potentially enabling an attacker to control browser internal APIs. Exploitation details, affected versions beyond the cited release, and concrete remediation steps a...

CVSS 4.3, AI score 4.6, EPSS 0.00651
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2022/01/28 12:0 a.m., 5 views

Naver Whale browser security vulnerability

Naver Whale Browser is a web browser from the Korean company Naver that supports user-defined interfaces. A security vulnerability previously existed in Naver Whale browser 3.12.129.46 that allowed an attacker to corrupt the rendering process, which could lead to taking control of the browser's...

CVSS 4.3, AI score 5.1, EPSS 0.00651
Exploits: 0, References: 2
BDU FSTEC
added 2022/01/10 12:0 a.m., 3 views

The vulnerability in the WebAuthentication browser implementation by Google Chrome, related to the use of memory after it is freed, allows a hacker to compromise the user’s rendering process.

The vulnerability of the WebAuthentication browser implementation by Google Chrome relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to compromise the rendering process of a user whose credit card is stored in their Google account...

CVSS 8.8, AI score 7.6, EPSS 0.01346
Exploits: 1, References: 10, Affected Software: 7
Github Security Blog
added 2021/09/21 6:41 p.m., 53 views

Improper Control of Generation of Code ('Code Injection') in @asyncapi/modelina

Impact Anyone who is using the default presets and/or does not handle the functionality themself. Patches It is impossible to fully guard against this, because users have access to the original raw information. However, as of version 1, if you only access the constrained models, you will not...

CVSS 9.9, AI score 8.4, EPSS 0.01064
Exploits: 1, References: 3, Affected Software: 1
GitLab Advisory Database
added 2021/09/21 12:0 a.m., 12 views

Improper Control of Generation of Code ('Code Injection') in @asyncapi/modelina

Impact Anyone who is using the default presets and/or does not handle the functionality themself. Patches It has not been patched yet. Workarounds Fully custom presets that change the entire rendering process which can then escape the user input. For more information Even though that I changed al...

AI score 0.8
Exploits: 0, References: 2, Affected Software: 1
Typo3
added 2021/08/10 12:0 a.m., 39 views

Cross-Site Scripting via Rich-Text Content

Failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser do not consider all potentially malicious HTML tag ...

CVSS 4.3, AI score 2.3, EPSS 0.00727
Exploits: 0, Affected Software: 1
BDU FSTEC
added 2020/11/12 12:0 a.m., 3 views

The vulnerability of Google Chrome’s user interface allows a hacker to compromise the rendering process and bypass the sandboxing protection mechanisms.

The vulnerability of Google Chrome’s user interface arises due to buffer overflow. Exploiting this vulnerability allows a malicious actor to compromise the rendering process and bypass the sandboxing mechanism by using a specially crafted HTML page...

CVSS 10, AI score 8.2, EPSS 0.02379
Exploits: 0, References: 6, Affected Software: 4