{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2345", "assignerOrgId": "7004884b-51e2-48e8-b4a2-5ca29e80453e", "state": "PUBLISHED", "assignerShortName": "Hackrate", "dateReserved": "2026-02-11T14:45:32.162Z", "datePublished": "2026-02-11T14:49:44.991Z", "dateUpdated": "2026-02-11T21:19:08.551Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Secure Exam Proctor Extension", "vendor": "Proctorio", "versions": [{"status": "affected", "version": "1.5.25220.33"}, {"status": "unaffected", "version": "1.5.25220.36"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Caen Jones (@vcc3v)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener('message', ...) handlers that do not properly validate the origin of incoming messages. Specifically, an internal messaging bridge processes messages based solely on the presence of a fromWebsite property without verifying the event.origin attribute.<br></p>"}], "value": "Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener('message', ...) handlers that do not properly validate the origin of incoming messages. Specifically, an internal messaging bridge processes messages based solely on the presence of a fromWebsite property without verifying the event.origin attribute."}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.6, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-346", "description": "CWE-346 Origin Validation Error", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7004884b-51e2-48e8-b4a2-5ca29e80453e", "shortName": "Hackrate", "dateUpdated": "2026-02-11T14:49:44.991Z"}, "references": [{"url": "https://www.hckrt.com/hacktivity/46b61f36-b685-4667-aebf-82a67ad69ad6"}], "source": {"discovery": "UNKNOWN"}, "title": "Insufficient Origin Validation in Proctorio Chrome Extension postMessage Handlers", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-11T21:19:02.758590Z", "id": "CVE-2026-2345", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-11T21:19:08.551Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2345", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-11T21:19:02.758590Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-11T21:19:06.078Z"}}], "cna": {"title": "Insufficient Origin Validation in Proctorio Chrome Extension postMessage Handlers", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "Caen Jones (@vcc3v)"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.6, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Proctorio", "product": "Secure Exam Proctor Extension", "versions": [{"status": "affected", "version": "1.5.25220.33"}, {"status": "unaffected", "version": "1.5.25220.36"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.hckrt.com/hacktivity/46b61f36-b685-4667-aebf-82a67ad69ad6"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener('message', ...) handlers that do not properly validate the origin of incoming messages. Specifically, an internal messaging bridge processes messages based solely on the presence of a fromWebsite property without verifying the event.origin attribute.", "supportingMedia": [{"type": "text/html", "value": "<p>Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener('message', ...) handlers that do not properly validate the origin of incoming messages. Specifically, an internal messaging bridge processes messages based solely on the presence of a fromWebsite property without verifying the event.origin attribute.<br></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-346", "description": "CWE-346 Origin Validation Error"}]}], "providerMetadata": {"orgId": "7004884b-51e2-48e8-b4a2-5ca29e80453e", "shortName": "Hackrate", "dateUpdated": "2026-02-11T14:49:44.991Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2345", "state": "PUBLISHED", "dateUpdated": "2026-02-11T21:19:08.551Z", "dateReserved": "2026-02-11T14:45:32.162Z", "assignerOrgId": "7004884b-51e2-48e8-b4a2-5ca29e80453e", "datePublished": "2026-02-11T14:49:44.991Z", "assignerShortName": "Hackrate"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener('message', ...) handlers that do not properly validate the origin of incoming messages. Specifically, an internal messaging bridge processes messages based solely on the presence of a fromWebsite property without verifying the event.origin attribute."}, {"lang": "es", "value": "La extensi\u00f3n de Chrome de Proctorio es una extensi\u00f3n de navegador utilizada para la supervisi\u00f3n en l\u00ednea. La extensi\u00f3n contiene m\u00faltiples manejadores window.addEventListener('message', ...) que no validan correctamente el origen de los mensajes entrantes. Espec\u00edficamente, un puente de mensajer\u00eda interno procesa los mensajes bas\u00e1ndose \u00fanicamente en la presencia de una propiedad fromWebsite sin verificar el atributo event.origin."}], "id": "CVE-2026-2345", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.6, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 2.5, "source": "7004884b-51e2-48e8-b4a2-5ca29e80453e", "type": "Secondary"}]}, "published": "2026-02-11T15:16:18.160", "references": [{"source": "7004884b-51e2-48e8-b4a2-5ca29e80453e", "url": "https://www.hckrt.com/hacktivity/46b61f36-b685-4667-aebf-82a67ad69ad6"}], "sourceIdentifier": "7004884b-51e2-48e8-b4a2-5ca29e80453e", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-346"}], "source": "7004884b-51e2-48e8-b4a2-5ca29e80453e", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.5.25220.33"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "1.5.25220.36"}}], "product": "secure_exam_proctor_extension", "vendor": "proctorio"}], "analysis": {"en": {"generated_at": "2026-04-17T20:19:59.375545+00:00", "value": {"mitigation_remediation": ["Upgrade to the latest Proctorio Secure Exam Proctor Extension, verifying that the new version validates event origins before processing messages", "If an upgrade is not immediately possible, uninstall the Proctorio extension from all affected user browsers to eliminate the attack surface", "Deploy Chrome Enterprise policies to restrict extension installation or configure Site Isolation for extensions, ensuring that only trusted extensions can interact with document frames"], "summary": {"action": "Assess Impact", "impact": "Potential unauthorized message handling within the Proctorio Secure Exam Proctor Extension"}, "threat_synthesis": {"affected_systems": "All users of the Proctorio Secure Exam Proctor Extension are affected; no specific product versions are listed, suggesting that every released version containing the described handlers is vulnerable.", "description_and_impact": "The Proctorio Chrome Extension registers multiple window.addEventListener('message', ...) handlers that do not validate the origin of the event. Incoming messages are processed only if a fromWebsite property is present, and the event.origin attribute is ignored. This flaw means that any web page, malicious or compromised, can send crafted postMessage events to the extension, potentially causing the extension to perform unintended actions, reveal confidential information, or alter its internal state. The weakness corresponds to CWE\u2011346: Insufficient Verification of the Origin of a Message.", "risk_and_exploitability": "The CVSS score of 3.6 classifies the vulnerability as low severity. The EPSS score of less than 1% indicates a very low probability of exploitation. The vulnerability is not currently included in CISA\u2019s Known Exploited Vulnerabilities catalog. Exploit requires a user to have the Proctorio extension installed and a malicious website or script capable of sending postMessage events to the extension, which is possible through a normal browsing session. While the attack vector is remote, the lack of origin checks allows attackers to bypass normal browser restrictions and inject messages into the extension\u2019s context."}}}}, "created": "2026-02-11T21:38:03.928367+00:00", "updated": "2026-04-17T20:30:15.806960+00:00", "vendors": ["proctorio", "proctorio$PRODUCT$secure_exam_proctor_extension"]}