CVE-2026-8888

Vulnerability Description

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in denial of service on all browsing.

Vulnerability Details

Published Date

June 03, 2026

Last Modified

June 03, 2026

Source

NVD

External References

https://kb.cert.org/vuls/id/595768

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment