CVE-2026-8879

Medienbericht

EPSS 0.37%
Veröffentlicht 03.06.2026 18:11:04
Zuletzt bearbeitet 04.06.2026 18:41:56
Quelle cret@cert.org
CVE-Watchlists
Login
Unerledigt
Login

CVE-2026-8879

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts() at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately hides all page content, creates a full-page overlay, pauses all videos, and only restores content when the service worker confirms the page passes filtering. If Securly's servers are unreachable, pages remain indefinitely hidden.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Securly ≫ Securly Version3.0.7 SwPlatformchrome

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.291

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-829 Inclusion of Functionality from Untrusted Control Sphere

The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

08.06.2026 16:25

https://kb.cert.org/vuls/id/595768

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-8879

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-8879

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-8879

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-8879