← Voltar para CVEs
CVE-2026-2345
LOW3.6
Descricao
Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener('message', ...) handlers that do not properly validate the origin of incoming messages. Specifically, an internal messaging bridge processes messages based solely on the presence of a fromWebsite property without verifying the event.origin attribute.
Detalhes CVE
Pontuacao CVSS v3.13.6
SeveridadeLOW
Vetor CVSSCVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Vetor de ataqueLOCAL
ComplexidadeHIGH
Privilegios necessariosNONE
Interacao do usuarioREQUIRED
Publicado2/11/2026
Ultima modificacao2/11/2026
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-346
Referencias
https://www.hckrt.com/hacktivity/46b61f36-b685-4667-aebf-82a67ad69ad6(7004884b-51e2-48e8-b4a2-5ca29e80453e)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.