PT-2024-26128 · Google+2 · Google Chrome+2

Yadhukrishnam · Published 2024-05-14 · Updated 2024-07-08 · CVE-2024-34714

CVSS v3.1: 7.6 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Name of the Vulnerable Software and Affected Versions

Hoppscotch Browser Extension versions prior to 0.35

Description

The issue arises from an oversight in the Hoppscotch Browser Extension that allows messages to be sent and processed from unauthorized origins. This exposes users to potential security risks, as any site running in a browser with the extension installed can bypass CORS restrictions. The vulnerability can lead to improper validation of integrity check values, potentially resulting in system compromise.

Recommendations

For versions prior to 0.35, upgrade to version 0.35 or later to resolve the issue. As a temporary workaround, Chrome users can restrict the extension's access to only the origins they want through the Extensions Settings. Firefox users should upgrade to a fixed version, as there is no alternative workaround available.

Related Identifiers

CVE-2024-34714
GHSA-JJH5-PVQX-GG5V

Affected Products

Google Chrome
Firefox
Hoppscotch Browser Extension