Is Avira Browser Safety safe to use?

Avira Browser Safety has a risk level of CRITICAL with an overall risk score of 9.6/10. Our scan detected 167 security findings. This extension has significant security concerns — review the full report before installing.

What permissions does Avira Browser Safety request?

Avira Browser Safety requests the following permissions: tabs, storage, webRequest, cookies, unlimitedStorage, scripting, declarativeNetRequest, alarms, webNavigation, management. It also requests host access to: , *://*/*, http://*.avira.com/*, https://*.avira.com/*.

What is Avira Browser Safety's risk score?

Avira Browser Safety has an overall risk score of 9.6/10 (CRITICAL). Breakdown: Permissions 10.0/10, Code 10.0/10, Combinations 10.0/10, CSP 6.3/10.

ExtSafe

Avira Browser SafetySecurity Analysis

Chromev4.3.1.57MV3February 16, 2026 at 02:57 PM

9.6CRITICAL

9.6 CRITICAL

This extension shows critical risk indicators. It requests highly sensitive permissions combined with suspicious code patterns. Proceed with extreme caution.

Based on 14 permissions including high-risk ones, 156 code findings, 4 dangerous combinations.

Dangerous Combinations(4)

CRITICALCookie access + external network

Extension has cookie access and sends data to external servers — potential session token theft.

cookies+external network request

HIGHTab tracking + external communication

Extension tracks open tabs and communicates with external servers — potential browsing surveillance.

tabs+external network request

CRITICALNetwork interception + external communication

Extension intercepts network traffic and sends data externally — potential man-in-the-middle behavior.

webRequest/webRequestBlocking+external network request

CRITICALExtension management + dynamic code execution

Extension manages other extensions and executes dynamic code — behavior consistent with malware dropper.

management+eval/Function/dynamic code

Permissions

10.0/10

Code

10.0/10

Combinations

10.0/10

Manifest/CSP

6.3/10

Permissions(14 analyzed)

Code Findings(29 patterns, 156 total)

Libraries(3 detected)

3 libraries detected, 1 with known vulnerabilities

Content Security Policy

CSP Present(2 issues)

MEDIUM

script-srcHTTP scheme allowed

Allowing the http: scheme enables loading scripts over insecure connections, vulnerable to MITM attacks.

LOW

object-srcobject-src not restricted

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Manifest Analysis(2 findings)

Resolved from __MSG_* i18n placeholders:

Name: Avira Browser Safety

Description: Your surfing made private and secure

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

MEDIUM

content_scriptsContent script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

External Domains(63)

${t**.avira.comaddons.mozilla.orgaddons.opera.comadguard.comanalytics.avcdn.netapi.ciuvo.comapi.mixpanel.combugs.chromium.orgbugs.jquery.combugs.webkit.orgcaniuse.comchrome.adtidy.orgchromium-review.googlesource.comciuvo.comcode.google.comdev.opera.comdeveloper.microsoft.comdevelopers.chrome.comdevelopers.google.comdispatch.avira-update.comdocs.microsoft.comdomain.comdownload.avira.comdrafts.csswg.orgen.wikipedia.orgexample.comextensions.avira.comfilters.adtidy.orggithub.comgroups.google.comhtml.spec.whatwg.orgjquery.comjquery.orgjs.foundationjsperf.comkb.adguard.comlocalhostmathiasbynens.bemicrosoftedge.microsoft.commsdn.microsoft.commths.beoffers.avira.comprobablyprogramming.comsb.adtidy.orgsentry.avira.netsizzlejs.comstackoverflow.comstage-stats.securebrowser.comstats.securebrowser.comtools.ietf.orgtrackers-test-page.avira.orgtwitter.comv2.auc.avira.comwww.www.apache.orgwww.avira.comwww.facebook.comwww.gnu.orgwww.opensource.orgwww.yaml.orgyandex.ru