Emond Papegaaij, 18/09/2023

Security vulnerability in the Topicus KeyHub browser extension

Security vulnerability

Before the Topicus KeyHub browser extension can be used, it must first be linked to a Topicus KeyHub installation. A vulnerability was discovered in this linking process that could allow an attacker to link the browser extension to a server under their control. The browser extension would then communicate via this malicious server, giving the attacker the means to eavesdrop on this communication.

This vulnerability existed in all versions of the browser extension prior to 6.1.0 in all supported browsers. In version 6.1.0 this issue was remedied, with the final solution applied in version 6.2.0. 

 

How to fix?

To get these fixes, make sure your browser automatically installs updates for browser extensions and verify that the Topicus KeyHub browser extension is at least version 6.1.0. To verify that your extension is still linked to the correct Topicus KeyHub installation, open the extension, go to settings and verify the URI.

If you would like to check whether your browser extension is up to date, go to your Browser Settings > Extensions > Manage Extensions > Topicus KeyHub.
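For administrators who need to make the same version check on many machines, the following is an added example (not code from Topicus or from the extension itself). It assumes a Chromium-style profile layout (`Extensions/<id>/<version>/manifest.json`) and that the extension's display name contains "Topicus KeyHub"; both are assumptions, and the script does not check the linked URI.

```python
import json
import sys
from pathlib import Path

FIXED, FINAL = (6, 1, 0), (6, 2, 0)  # versions named in the advisory
NAME = "topicus keyhub"  # assumption: the display name contains this text


def display_name(ext_dir, manifest):
    """Resolve a localized "__MSG_key__" name via _locales/<default_locale>."""
    name = manifest.get("name", "")
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    locale = manifest.get("default_locale", "en")
    path = ext_dir / "_locales" / locale / "messages.json"
    try:
        messages = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return name
    by_key = {k.lower(): v for k, v in messages.items()}  # keys are case-insensitive
    return by_key.get(name[6:-2].lower(), {}).get("message", name)


def classify(version_text):
    """Compare a dotted version string against the advisory's two versions."""
    version = tuple(int(p) for p in version_text.split(".") + ["0", "0"])
    if version < FIXED:
        return "vulnerable"
    return "final" if version >= FINAL else "remedied"


def audit_profile(profile_dir):
    """Return (extension_id, version, status) for each KeyHub copy in a profile."""
    found = []
    for path in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
            status = classify(manifest["version"])
        except (OSError, ValueError, KeyError):
            continue  # unreadable or malformed manifest
        if NAME in display_name(path.parent, manifest).lower():
            found.append((path.parent.parent.name, manifest["version"], status))
    return found


if __name__ == "__main__":
    for row in audit_profile(sys.argv[1]):  # path to a browser profile directory
        print(*row)
```

A status of `vulnerable` means the installed copy predates 6.1.0; `remedied` means 6.1.0 or later but before 6.2.0; `final` means 6.2.0 or later.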

 

We would like to thank Sqills for finding and reporting this issue.