Pega Browser Extension Native Messaging Host Vulnerability
Vulnerability
A vulnerability has been identified in the Pega Browser Extension (PBE) that affects users of all versions of Pega Robotic Automation who have installed the extension. This vulnerability allows a bad actor to create a malicious website that targets PBE. If a user navigates to this website, the malicious code could trigger unexpected behavior in the extension, such as displaying an unanticipated message box.
Impact
Exploitation of this vulnerability could lead to unexpected behavior in the Pega Browser Extension, including the display of unanticipated message boxes.
Remediation
Users are advised to update to Pega Browser Extension version 3.1.45 or later. For those using Pega Robotic Automation version 22.1 or R25, both Robot Studio and Robot Runtime should be updated to version 25.1.13. Instructions for downloading the latest PBE build are available on the Pega Support Center.
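To confirm the remediation on an endpoint, the installed extension version can be read from the browser profile and compared with 3.1.45. The script below is an added example, not Pega's code: it assumes the Chromium on-disk layout `<Extensions dir>/<extension id>/<version>_<n>/manifest.json`, uses a placeholder extension ID because the advisory does not give one, and all function names are hypothetical. It checks only the browser extension, not Robot Studio or Robot Runtime.

```python
import json
import tempfile
from pathlib import Path

FIXED_PBE = (3, 1, 45)  # first fixed Pega Browser Extension version, per the advisory
EXTENSION_ID = "PLACEHOLDER_EXTENSION_ID"  # assumption: the advisory does not list the ID


def parse_version(text):
    """Turn a dotted manifest version such as '3.1.45' into a comparable tuple."""
    return tuple(int(part) for part in text.strip().split("."))


def installed_version(extensions_root, extension_id):
    """Return the highest version found for extension_id, or None if none is readable."""
    versions = []
    for manifest in Path(extensions_root).glob(f"{extension_id}/*/manifest.json"):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            versions.append(parse_version(data["version"]))
        except (OSError, ValueError, KeyError, TypeError, AttributeError):
            continue  # unreadable or malformed manifest: skip it rather than guess
    return max(versions, default=None)


def audit(extensions_root, extension_id, fixed=FIXED_PBE):
    """Classify one profile as 'not-installed', 'vulnerable' or 'fixed'."""
    found = installed_version(extensions_root, extension_id)
    if found is None:
        return "not-installed"
    return "fixed" if found >= fixed else "vulnerable"


def build_sample_profile(root, extension_id, versions):
    """Write constructed manifests (sample data, not real installs) under root."""
    for version in versions:
        folder = Path(root) / extension_id / f"{version}_0"
        folder.mkdir(parents=True, exist_ok=True)
        (folder / "manifest.json").write_text(
            json.dumps({"version": version}), encoding="utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_profile(tmp, EXTENSION_ID, ["3.1.30", "3.1.44"])
        print(audit(tmp, EXTENSION_ID))
```

On a real endpoint, call `audit()` once per browser profile with that profile's Extensions directory and the extension ID taken from the browser's extensions page.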
