Proctorio Chrome Extension Insufficient Origin Validation in PostMessage Handlers Vulnerability

Vulnerability

A vulnerability exists in the Proctorio Chrome Extension because multiple message event handlers fail to properly validate the origin of incoming messages. The internal messaging bridge processes messages based solely on the presence of a 'fromWebsite' property, without verifying the 'event.origin' property. This flaw allows unauthorized interaction with the extension's functionality.
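The pattern described above is shown here next to a hardened check, as an added illustration that is not Proctorio's code or its actual fix. The origin allowlist, message types, function names and sample events are all hypothetical and constructed for this example.

```javascript
// Added illustration, not Proctorio's code. Every name here is hypothetical.
const TRUSTED_ORIGINS = new Set(["https://exam.example"]); // assumed allowlist
const ALLOWED_TYPES = new Set(["startSession", "endSession"]); // assumed message types

// Pattern the advisory describes: any message carrying `fromWebsite` is
// accepted; event.origin is never consulted.
function acceptsUnchecked(event) {
  return Boolean(event.data && event.data.fromWebsite);
}

// Hardened check: same window, exact-match origin, expected message shape.
function acceptsChecked(event, selfWindow) {
  if (event.source !== selfWindow) return false;        // other frames and windows
  if (!TRUSTED_ORIGINS.has(event.origin)) return false; // no substring or prefix tests
  const d = event.data;
  if (d === null || typeof d !== "object" || d.fromWebsite !== true) return false;
  return typeof d.type === "string" && ALLOWED_TYPES.has(d.type);
}

// Content-script bridge: forward only validated messages, and only the
// fields the background script needs, never the raw event data.
function installBridge(win, relay) {
  win.addEventListener("message", (event) => {
    if (acceptsChecked(event, win)) {
      relay({ type: event.data.type, payload: event.data.payload });
    }
  });
}

// Constructed sample events, run through both checks.
function compareChecks() {
  const win = {}; // stands in for the content script's `window`
  const msg = { fromWebsite: true, type: "startSession", payload: 1 };
  const events = [
    { label: "trusted page", origin: "https://exam.example", source: win, data: msg },
    { label: "foreign origin", origin: "https://other.example", source: win, data: msg },
    { label: "foreign frame", origin: "https://exam.example", source: {}, data: msg },
    { label: "unknown type", origin: "https://exam.example", source: win,
      data: { fromWebsite: true, type: "dumpState" } },
  ];
  return events.map((e) => ({
    label: e.label,
    unchecked: acceptsUnchecked(e),
    checked: acceptsChecked(e, win),
  }));
}
```

In an extension content script, `relay` would typically wrap `chrome.runtime.sendMessage`, and the background script should validate the relayed message again rather than trusting the bridge.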

Impact

Exploitation of this vulnerability could enable a malicious webpage to send crafted postMessage payloads to the extension's background script, potentially allowing for unauthorized actions or data manipulation within the extension.

Remediation

Proctorio has deployed a fix for this vulnerability. Users are encouraged to update to the latest version of the Proctorio Chrome Extension.

Added: Feb 11, 2026, 3:41 PM
Updated: Feb 11, 2026, 3:41 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.3
exploitability: 7.1
remediation: 0.0
relevance: 3.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.