CVE-2026-2345

Published: Feb 11, 2026

Modified: Feb 11, 2026

PUBLISHED

CVSS v3.1

3.6

LOW

Description

Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener('message', ...) handlers that do not properly validate the origin of incoming messages. Specifically, an internal messaging bridge processes messages based solely on the presence of a fromWebsite property without verifying the event.origin attribute.

Vendor	Product	Versions
Proctorio	Secure Exam Proctor Extension	affected `1.5.25220.33` unaffected `1.5.25220.36`

Weaknesses (CWE)

CWE-346

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

References

https://www.hckrt.com/hacktivity/46b61f36-b685-4667-aebf-82a67ad69ad6

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-2345

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References