CVE-2026-2345

LOW

Proctorio Chrome Extension - XSS

Title source: llm

Description

Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener('message', ...) handlers that do not properly validate the origin of incoming messages. Specifically, an internal messaging bridge processes messages based solely on the presence of a fromWebsite property without verifying the event.origin attribute.

References (1)

[Various Sources] https://www.hckrt.com/hacktivity/46b61f36-b685-4667-aebf-82a67ad69ad6

Scores

CVSS v3 3.6

EPSS 0.0001

EPSS Percentile 0.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-346

Status published

Products (2)

Proctorio/Secure Exam Proctor Extension 1.5.25220.33

Proctorio/Secure Exam Proctor Extension 1.5.25220.36

Published Feb 11, 2026

Tracked Since Feb 18, 2026