CVE-2026-8876

Summary

Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data.

Affected Software

VendorProductVersion RangeStatus
SecurlySecurly Chrome Extension0 <= 3.0.7affected

Weaknesses

  • CWE-321

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References