Securly Chrome Extension Hardcoded AES Passphrases Vulnerability

Vulnerability

A vulnerability exists in version 3.0.7 of the Securly Chrome Extension due to hardcoded, plaintext AES passphrases embedded in the file securly.min.js. These passphrases are used to decrypt crisis alert keyword data and intervention site data. This issue is part of a broader set of vulnerabilities in the extension, which is commonly used on K–12 school-managed Chromebooks.

Impact

The hardcoded AES passphrases can be exploited to decrypt sensitive crisis alert and intervention site data, potentially leading to unauthorized access or manipulation of this information.

Added: Jun 3, 2026, 7:36 PM
Updated: Jun 3, 2026, 7:36 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 7.4
remediation: 0.0
relevance: 9.9
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.