Unknown · Proctorio Chrome Extension · CVE-2026-2345
**Name of the Vulnerable Software and Affected Versions**
Proctorio Chrome Extension (affected versions not specified)
**Description**
The Proctorio Chrome Extension, used for online proctoring, has multiple `window.addEventListener('message', ...)` handlers that do not properly validate the origin of incoming messages. An internal messaging bridge processes messages based only on the presence of a `fromWebsite` property, without verifying the `event.origin` attribute. This insufficient origin validation could allow malicious actors to send crafted messages to the extension.
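The check described above, as an added example (not Proctorio's code and not part of the advisory): acceptance on `fromWebsite` alone beside a handler that also verifies `event.origin`, the sender window and the message shape. The allowlisted origin, the message type and all function names are assumptions.

```javascript
// Added example: constructed logic, not Proctorio's code. Apart from
// `fromWebsite` and `event.origin`, every name here is hypothetical.
const ALLOWED_ORIGINS = new Set(['https://exam.example.edu']); // assumed allowlist
const ALLOWED_TYPES = new Set(['status']);                     // assumed message types

// Pattern the advisory describes: accept on the presence of `fromWebsite`.
function acceptsWeak(event) {
  return Boolean(event.data && event.data.fromWebsite);
}

// Hardened check: exact origin, expected sender window, strict message shape.
function acceptsStrict(event, pageWindow) {
  if (!ALLOWED_ORIGINS.has(event.origin)) return false; // exact match, never substring
  if (event.source !== pageWindow) return false;        // the page itself, not another frame
  const d = event.data;
  if (d === null || typeof d !== 'object') return false;
  if (d.fromWebsite !== true) return false;
  return typeof d.type === 'string' && ALLOWED_TYPES.has(d.type);
}

// Constructed stand-ins for window objects and MessageEvents (runs without a DOM).
const pageWindow = { name: 'page' };
const otherFrame = { name: 'frame' };
const msg = { fromWebsite: true, type: 'status' };
const SAMPLE_EVENTS = [
  { label: 'page itself', origin: 'https://exam.example.edu', source: pageWindow, data: msg },
  { label: 'foreign origin', origin: 'https://other.example', source: otherFrame, data: msg },
  { label: 'lookalike origin', origin: 'https://exam.example.edu.other.example', source: otherFrame, data: msg },
  { label: 'unknown type', origin: 'https://exam.example.edu', source: pageWindow, data: { fromWebsite: true, type: 'x' } },
  { label: 'string payload', origin: 'https://exam.example.edu', source: pageWindow, data: 'fromWebsite' },
];

// Run both checks over the sample events and report each verdict.
function classify(events) {
  return events.map((e) => ({
    label: e.label,
    weak: acceptsWeak(e),
    strict: acceptsStrict(e, pageWindow),
  }));
}

// In a content script the wiring would be:
//   window.addEventListener('message', (e) => {
//     if (acceptsStrict(e, window)) { /* forward e.data to the extension */ }
//   });
console.table(classify(SAMPLE_EVENTS));
```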
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.