CVE-2026-8888

HIGH 7.5

CVE-2026-8888

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

5th

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in denial of service on all browsing.

Vendor	securly
Product	securly chrome extension
Published	Jun 3, 2026
Last Updated	Jun 4, 2026

Stay Ahead of the Next One

Get instant alerts for securly securly chrome extension

Be the first to know when new high vulnerabilities affecting securly securly chrome extension are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Securly / Securly Chrome Extension

0 ≤ 3.0.7

References

NVD ↗ CVE.org ↗ EPSS Data ↗

kb.cert.org: https://kb.cert.org/vuls/id/595768