CVE-2026-2345

LOW

Proctorio Chrome Extension - XSS

Title source: llm

Description

Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener('message', ...) handlers that do not properly validate the origin of incoming messages. Specifically, an internal messaging bridge processes messages based solely on the presence of a fromWebsite property without verifying the event.origin attribute.

References (1)

[Various Sources] https://www.hckrt.com/hacktivity/46b61f36-b685-4667-aebf-82a67ad69ad6

Scores

CVSS v3 3.6

EPSS 0.0001

EPSS Percentile 0.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Classification

CWE

CWE-346

Status draft

Timeline

Published Feb 11, 2026

Tracked Since Feb 18, 2026