CVE-2026-8876
Received
Received - Intake
Hardcoded AES Passphrases in Securly Chrome Extension
Publication date: 2026-06-03
Last updated on: 2026-06-03
Assigner: CERT/CC
Description
Description
Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| securly | chrome_extension | 3.0.7 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in the securly.min.js file.
These passphrases are used to decrypt sensitive data such as crisis alert keyword data and intervention site data.
How can this vulnerability impact me? :
Because the AES passphrases are hardcoded and stored in plaintext, an attacker who accesses the extension's code can decrypt sensitive information.
This could lead to unauthorized access to crisis alert keyword data and intervention site data, potentially exposing sensitive or confidential information.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70