PT-2026-7613 · Unknown · Proctorio Chrome Extension

Caen Jones · Published 2026-02-11 · Updated 2026-02-11 · CVE-2026-2345

CVSS v3.1: 3.6 (Low)

Vector: AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions
Proctorio Chrome Extension (affected versions not specified)

Description
The Proctorio Chrome Extension, used for online proctoring, has multiple window.addEventListener('message', ...) handlers that do not properly validate the origin of incoming messages. An internal messaging bridge processes messages based only on the presence of a fromWebsite property, without verifying the event.origin attribute. This insufficient origin validation could potentially allow malicious actors to send crafted messages to the extension.

Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
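
The check the description says is missing, shown as an added example (not Proctorio's code and not part of the advisory): a gate that trusts only the fromWebsite property next to one that also verifies event.origin and event.source. The allowlisted origin, the message types and the sample events are constructed assumptions.

```javascript
// Added example; origins, message types and field shapes are constructed assumptions.
const TRUSTED_ORIGINS = new Set(['https://exam.example.edu']); // placeholder allowlist
const ALLOWED_TYPES = new Set(['status', 'ping']);             // hypothetical message types

// Pattern from the description: any message carrying `fromWebsite` is processed;
// event.origin is never consulted.
function weakAccepts(event) {
  return Boolean(event.data && event.data.fromWebsite);
}

// Hardened check: identity comes from browser-set fields (event.origin,
// event.source), and the payload is validated before it is acted on.
function strictAccepts(event, expectedSource) {
  if (!TRUSTED_ORIGINS.has(event.origin)) return false; // exact match, not startsWith/includes
  if (event.source !== expectedSource) return false;    // e.g. `window` in a content script
  const d = event.data;
  if (d === null || typeof d !== 'object' || Array.isArray(d)) return false;
  if (d.fromWebsite !== true) return false;
  return typeof d.type === 'string' && ALLOWED_TYPES.has(d.type);
}

// Constructed stand-ins for MessageEvent objects so the checks run outside a browser.
function evaluateSamples() {
  const page = { name: 'page window' };
  const frame = { name: 'embedded frame' };
  const msg = { fromWebsite: true, type: 'status' };
  const samples = [
    ['trusted page', { origin: 'https://exam.example.edu', source: page, data: msg }],
    ['other origin', { origin: 'https://other.example', source: frame, data: msg }],
    ['look-alike origin',
      { origin: 'https://exam.example.edu.other.example', source: frame, data: msg }],
    ['trusted origin, unknown type',
      { origin: 'https://exam.example.edu', source: page,
        data: { fromWebsite: true, type: 'unlisted' } }],
    ['non-object payload',
      { origin: 'https://exam.example.edu', source: page, data: 'fromWebsite' }],
  ];
  return samples.map(([label, ev]) => ({
    label, weak: weakAccepts(ev), strict: strictAccepts(ev, page),
  }));
}

// Browser wiring (comment only):
// window.addEventListener('message', (e) => { if (strictAccepts(e, window)) handle(e.data); });
console.table(evaluateSamples());
```

Only the first sample passes the strict gate; the weak gate also accepts the next three because each carries fromWebsite.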

Origin Validation Error

Weakness Enumeration

Related Identifiers

CVE-2026-2345

Affected Products

Proctorio Chrome Extension