CVE-2026-8881
Received Received - Intake
Securly Chrome Extension AES Encryption Weakness

Publication date: 2026-06-03

Last updated on: 2026-06-03

Assigner: CERT/CC

Description
Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-03
Last Modified
2026-06-03
Generated
2026-06-04
AI Q&A
2026-06-03
EPSS Evaluated
N/A
NVD
CVE-2026-8881
EUVD
EUVD-2026-34166
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
securly chrome_extension 3.0.7
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

Version 3.0.7 of the Securly Chrome Extension uses a weak key derivation method called EVP_BytesToKey with MD5 and only a single iteration for AES encryption.

MD5 is a cryptographic hash function that has been broken since 2004, meaning it is no longer secure.

Using MD5 with a single iteration provides no key stretching, which makes the encryption vulnerable to attacks that can recover the encryption key more easily.


How can this vulnerability impact me? :

This vulnerability can lead to weakened encryption security in the Securly Chrome Extension.

Attackers may exploit the weak key derivation to recover encryption keys, potentially allowing them to decrypt sensitive data that was intended to be protected.

This could result in unauthorized access to confidential information or compromise of user privacy.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart