← Back to CVEs
CVE-2026-2345
LOW3.6
Description
Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener('message', ...) handlers that do not properly validate the origin of incoming messages. Specifically, an internal messaging bridge processes messages based solely on the presence of a fromWebsite property without verifying the event.origin attribute.
CVE Details
CVSS v3.1 Score3.6
SeverityLOW
CVSS VectorCVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Attack VectorLOCAL
ComplexityHIGH
Privileges RequiredNONE
User InteractionREQUIRED
Published2/11/2026
Last Modified2/11/2026
Sourcenvd
Honeypot Sightings0
Weaknesses (CWE)
CWE-346
References
https://www.hckrt.com/hacktivity/46b61f36-b685-4667-aebf-82a67ad69ad6(7004884b-51e2-48e8-b4a2-5ca29e80453e)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.