CVE-2026-8888

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in denial of service on all browsing.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-8888

Affected Products

Securly Chrome Extension

CVE-2026-8888

Related Identifiers

Affected Products

References · 2