← Retour aux CVEs
CVE-2026-2345
LOW3.6
Description
Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener('message', ...) handlers that do not properly validate the origin of incoming messages. Specifically, an internal messaging bridge processes messages based solely on the presence of a fromWebsite property without verifying the event.origin attribute.
Details CVE
Score CVSS v3.13.6
SeveriteLOW
Vecteur CVSSCVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Vecteur d'attaqueLOCAL
ComplexiteHIGH
Privileges requisNONE
Interaction utilisateurREQUIRED
Publie2/11/2026
Derniere modification2/11/2026
Sourcenvd
Observations honeypot0
Faiblesses (CWE)
CWE-346
References
https://www.hckrt.com/hacktivity/46b61f36-b685-4667-aebf-82a67ad69ad6(7004884b-51e2-48e8-b4a2-5ca29e80453e)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.