PT-2026-41724 · Npm+1 · @Steipete/Summarize+1
Published: 2026-05-18 · Updated: 2026-05-20 · CVE-2026-45245
CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Summarize versions prior to 0.15.1
Description
The hover summary feature allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links. This causes the extension to make authenticated daemon requests using stored tokens without verifying if the event is trustworthy. Attackers can use local or private-network URLs behind hoverable links to route authenticated requests through the daemon, which may lead to unauthorized access to sensitive internal endpoints when users interact with malicious content.
Recommendations
Update to version 0.15.1 or later.
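The check the description says was missing, written as an added example (not the Summarize project's code or its 0.15.1 patch): it rejects script-dispatched hover events via `event.isTrusted` and refuses loopback and private-network targets before any authenticated daemon request is made. The function names and the blocked-range list are assumptions for illustration.

```javascript
// Added example: hypothetical guard code, not taken from Summarize.
// Private, loopback, link-local and CGNAT IPv4 ranges in dotted form.
const PRIVATE_V4 = [
  /^0\./, /^10\./, /^127\./, /^169\.254\./, /^192\.168\./,
  /^172\.(1[6-9]|2\d|3[01])\./,
  /^100\.(6[4-9]|[7-9]\d|1[01]\d|12[0-7])\./,
];

function isLocalOrPrivateHost(hostname) {
  // URL.hostname keeps brackets on IPv6 literals and may carry a trailing dot.
  const host = hostname.toLowerCase().replace(/^\[|\]$/g, "").replace(/\.$/, "");
  if (host === "localhost" || /\.(localhost|local)$/.test(host)) return true;
  if (/^\d+\.\d+\.\d+\.\d+$/.test(host)) return PRIVATE_V4.some((re) => re.test(host));
  if (!host.includes(":")) return false; // ordinary DNS name
  if (host === "::" || host === "::1") return true; // unspecified, loopback
  // Unique local (fc00::/7) and link-local (fe80::/10) prefixes.
  if (/^f[cd][0-9a-f]{2}:/.test(host) || /^fe[89ab][0-9a-f]:/.test(host)) return true;
  // IPv4-mapped IPv6 is serialized as ::ffff:7f00:1, so decode it to dotted form.
  const mapped = host.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/);
  if (!mapped) return false;
  const [hi, lo] = [parseInt(mapped[1], 16), parseInt(mapped[2], 16)];
  const dotted = `${hi >> 8}.${hi & 255}.${lo >> 8}.${lo & 255}`;
  return PRIVATE_V4.some((re) => re.test(dotted));
}

// Decide whether a hover event may trigger an authenticated daemon request.
function hoverRequestDecision(event, href) {
  // Events created by page script via dispatchEvent have isTrusted === false.
  if (!event || event.isTrusted !== true) return { allow: false, reason: "untrusted-event" };
  let url;
  try {
    url = new URL(href);
  } catch {
    return { allow: false, reason: "invalid-url" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { allow: false, reason: "scheme" };
  }
  // The URL parser has already normalized decimal and hex IPv4 spellings.
  if (isLocalOrPrivateHost(url.hostname)) return { allow: false, reason: "private-host" };
  return { allow: true, reason: "ok" };
}
```

A hostname check in the extension does not cover public names that resolve to private addresses, so the daemon should apply the same range check to the resolved IP.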
Exploit
Fix
SSRF
Related Identifiers
Affected Products
@Steipete/Summarize
Summarize