Securly Chrome Extension Weak Encryption Vulnerability

Vulnerability

A vulnerability exists in version 3.0.7 of the Securly Chrome Extension due to the use of EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. This implementation is flawed because MD5 has been compromised since 2004, and a single iteration lacks effective key stretching, significantly weakening the encryption's security. As a result, protected data is susceptible to efficient offline cracking.

Impact

Exploitation of this vulnerability undermines the encryption used to protect sensitive data, making it vulnerable to decryption and unauthorized access.

Added: Jun 3, 2026, 7:34 PM

Updated: Jun 3, 2026, 7:34 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.7

remediation

0.0

relevance

9.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.7

remediation

0.0

relevance

9.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Securly Chrome Extension Weak Encryption Vulnerability

Vulnerability

Impact

Affected Products

Securly Chrome Extension

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating