CVE-2022-24072

Published: 2022-03-17T06:15Z

Last Modified: 2024-11-21T06:49Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt