PT-2026-7613 · Unknown · Proctorio Chrome Extension
Caen Jones
Published 2026-02-11 · Updated 2026-02-11
CVE-2026-2345
CVSS v3.1: 3.6 (Low)
Vector: AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Proctorio Chrome Extension (affected versions not specified)
Description
The Proctorio Chrome Extension, used for online proctoring, has multiple window.addEventListener('message', ...) handlers that do not properly validate the origin of incoming messages. An internal messaging bridge processes messages based only on the presence of a fromWebsite property, without verifying the event.origin attribute. This insufficient origin validation could potentially allow malicious actors to send crafted messages to the extension.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
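The origin check the description says is missing, shown beside the fromWebsite-only check, as an added example that is not Proctorio's code; the allowed origin, message types and function names are assumptions. It goes slightly beyond the advisory by also checking event.source and the message shape.

```javascript
// Added example; every name and origin below is hypothetical, not Proctorio's.
const ALLOWED_ORIGINS = new Set(["https://lms.example.edu"]); // constructed allow-list
const ALLOWED_TYPES = new Set(["status", "ping"]);            // hypothetical message types

// Weak pattern from the description: any message carrying fromWebsite is processed.
function weakAccepts(event) {
  return Boolean(event.data && event.data.fromWebsite);
}

// Hardened check: exact origin, expected sender, then strict shape validation.
function strictAccepts(event, selfWindow) {
  // Exact string comparison; prefix or substring tests let look-alike hosts through.
  if (!ALLOWED_ORIGINS.has(event.origin)) return false;
  // A page-to-extension bridge expects the page's own window as the sender.
  if (event.source !== selfWindow) return false;
  const d = event.data;
  if (d === null || typeof d !== "object" || Array.isArray(d)) return false;
  if (d.fromWebsite !== true) return false;
  return typeof d.type === "string" && ALLOWED_TYPES.has(d.type);
}

// Register the bridge; `win` is `window` in a browser, a stub in tests.
function installBridge(win, onMessage) {
  win.addEventListener("message", (event) => {
    if (strictAccepts(event, win)) onMessage(event.data);
  });
}

// Constructed events: run both checks and report which senders get through.
function demo() {
  const win = { handlers: [], addEventListener(_t, fn) { this.handlers.push(fn); } };
  const payload = { fromWebsite: true, type: "status" };
  const events = {
    expected: { origin: "https://lms.example.edu", source: win, data: payload },
    otherOrigin: { origin: "https://other.example", source: {}, data: payload },
    lookalike: { origin: "https://lms.example.edu.other.example", source: win, data: payload },
    otherFrame: { origin: "https://lms.example.edu", source: {}, data: payload },
    badType: { origin: "https://lms.example.edu", source: win, data: { fromWebsite: true, type: "exec" } },
  };
  const delivered = [];
  installBridge(win, (data) => delivered.push(data.type));
  const result = {};
  for (const [name, ev] of Object.entries(events)) {
    win.handlers.forEach((h) => h(ev));
    result[name] = { weak: weakAccepts(ev), strict: strictAccepts(ev, win) };
  }
  return { result, delivered };
}
```

Calling demo() shows that the fromWebsite-only check accepts all five constructed events, while the strict check delivers only the one from the expected origin and window.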
Origin Validation Error
Weakness Enumeration
Related identifiers
Affected products
Proctorio Chrome Extension