Insufficient Origin Validation in Proctorio Chrome Extension postMessage Handlers

3.6 / 10

LOW

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Description

Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener('message', ...) handlers that do not properly validate the origin of incoming messages. Specifically, an internal messaging bridge processes messages based solely on the presence of a fromWebsite property without verifying the event.origin attribute.

Basic Information

ID CVE-2026-2345

Source Hackrate

Published Feb 11, 2026 at 14:49

Affected Product

Vendor Proctorio

Product Secure Exam Proctor Extension

Version 1.5.25220.33

Affected Versions Proctorio Secure Exam Proctor Extension 1.5.25220.33

CWE Classification

CWE-346

References

www.hckrt.com /hacktivity/46b61f36-b685-4667-aebf-82a67ad69ad6

{
    "lastseen": "",
    "description": "Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener('message', ...) handlers that do not properly validate the origin of incoming messages. Specifically, an internal messaging bridge processes messages based solely on the presence of a fromWebsite property without verifying the event.origin attribute.",
    "published": "2026-02-11T14:49:44.991Z",
    "modified": "2026-02-11T14:49:44.991Z",
    "type": "cve",
    "title": "Insufficient Origin Validation in Proctorio Chrome Extension postMessage Handlers",
    "source": "Hackrate",
    "references": "https://www.hckrt.com/hacktivity/46b61f36-b685-4667-aebf-82a67ad69ad6",
    "id": "CVE-2026-2345",
    "bulletinFamily": "",
    "cwe": [
        "CWE-346"
    ],
    "cvelist": null,
    "sourceData": "Proctorio Secure Exam Proctor Extension 1.5.25220.33",
    "sourceHref": "",
    "cvss": {
        "score": 3.6,
        "severity": "LOW",
        "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Secure Exam Proctor Extension",
    "version": "1.5.25220.33",
    "vendor": "Proctorio",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Insufficient Origin Validation in Proctorio Chrome Extension postMessage Handlers_CVE-2026-2345