A critical vulnerability, identified as CVE-2025-62583, has been discovered in Naver's Whale Browser. This flaw allows a remote attacker to bypass the browser's security sandbox, potentially leading to arbitrary code execution on a user's system by tricking them into visiting a malicious website. Due to its critical severity (CVSS 9.8), successful exploitation could result in a complete compromise of the affected workstation, posing a significant risk to organizational data and network security.

The vulnerability is a sandbox escape flaw that exists specifically within the browser's dual-tab environment. An iframe sandbox is a security mechanism designed to isolate and restrict the actions of embedded content within a webpage. This flaw allows a specially crafted webpage to bypass these restrictions when rendered in a dual-tab view. An attacker can exploit this by hosting a malicious page with a crafted iframe; when a user running a vulnerable version of Whale Browser visits this page, the code within the iframe can "escape" its intended confinement and execute commands with the full permissions of the browser process on the user's operating system.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could lead to a complete compromise of the affected user's workstation, introducing severe risks to the organization. Potential consequences include the theft of sensitive corporate data and user credentials, installation of malware such as ransomware or spyware, and the attacker gaining an initial foothold for lateral movement across the corporate network. This directly threatens the confidentiality, integrity, and availability of business-critical information and systems.

Immediate Action: The primary remediation is to apply the security update provided by the vendor. All systems running Whale Browser must be updated to version 4.33.325.17 or later immediately. System administrators should prioritize the deployment of this patch across all endpoints where the browser is installed.

Proactive Monitoring: Security teams should actively monitor for signs of exploitation. This includes inspecting endpoint detection and response (EDR) logs for unusual child processes spawned by whale.exe, reviewing network logs for outbound connections from workstations to suspicious or unknown domains, and analyzing web proxy logs for visits to malicious websites.

Compensating Controls: If immediate patching is not feasible, the following compensating controls can reduce risk:

• Restrict the use of Whale Browser until patching can be completed.
• Utilize web filtering solutions to block access to untrusted and uncategorized websites.
• Ensure endpoint security solutions (Antivirus, EDR) are up-to-date and configured for aggressive behavioral detection.
• Educate users on the risks of clicking links from untrusted sources.

Public Exploit Available: false

Given the critical severity (CVSS 9.8) and the potential for a remote, unauthenticated attacker to achieve full system compromise, this vulnerability poses a significant and immediate threat. We strongly recommend that organizations prioritize the deployment of the vendor-supplied patch to all affected systems without delay. Even without evidence of active exploitation, the severity of this flaw warrants immediate action to prevent it from becoming a future attack vector.