High severity7.1NVD Advisory· Published Jun 3, 2026· Updated Jun 5, 2026
CVE-2026-8874
CVE-2026-8874
Description
Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=3.0.7
Patches
Vulnerability mechanics
References
1- kb.cert.org/vuls/id/595768nvdThird Party Advisory
News mentions
1- ⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and MoreThe Hacker News · Jun 8, 2026