Okta Browser Plugin is available on multiple browsers like Edge, Chrome, Safari, and Firefox. Combining all these browsers, the plugin has over 5 million users.
However, this plugin was discovered to have a Cross-site Scripting vulnerability that could allow threat actors to execute arbitrary Javascript code.
Okta acted swiftly upon the report and published a security advisory to address this vulnerability.
Join our free webinar to learn about combating slow DDoS attacks, a major threat today.
Versions 6.5.0 through 6.31.0 of the Okta Browser Plugin for Chrome, Edge, Firefox, and Safari were identified as affecting the issue.
Okta Browser Plugin Vulnerability
According to the Okta advisory, this vulnerability was assigned CVE-2024-0981, and its severity was given as 7.1 (High).
This flaw arises when users input the new credentials, and the plugin prompts users to save the credentials with Okta Personal.
However, this vulnerability does not affect Workforce Identity Cloud users if Okta Personal is not added to the browser plugin that is used to enable multi-account views.
Additionally, Okta Admin users can run the following query to search for users who are still using an outdated version of this plugin.
debugContext.debugData.oktaUserAgentExtended ne “okta-browser-plugin/6.32.0” and debugContext.debugData.oktaUserAgentExtended co “okta-browser-plugin/”
More than 100 million users use Okta to save their credentials and connect to applications both inside and outside of their organizations. In addition, the Okta Browser Plugin offers multiple features, such as
- Automatically sign in to your business and personal apps with just one click
- Add your own apps into Okta
- Quickly generate strong, random passwords on the fly for all your apps
- Easily access your Okta dashboard apps and tabs
- Seamlessly and securely switch between multiple Okta accounts
Affected Products And Fixed In Versions
| Affected Products | Fixed in Versions |
| Okta Browser Plugin versions 6.5.0 through 6.31.0(Chrome/Edge/Firefox/Safari) | Okta Browser Plugin version 6.32.0 for Chrome/Edge/Safari |
It is recommended that users of this plugin upgrade to the latest versions to prevent threat actors from exploiting this vulnerability.
Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo