ExtSafe

BrowserGPT: ChatGPT Anywhere Powered by GPT 4Security Analysis

Chromev3.1.8MV3March 2, 2026 at 07:43 AM
Dangerous

This extension exhibits behaviors commonly associated with malware. Installation is not recommended.

8.2CRITICAL
8.2 CRITICALRaw: 9.1

This extension shows critical risk indicators. It requests highly sensitive permissions combined with suspicious code patterns. Proceed with extreme caution.

Based on 226 permissions including high-risk ones, 93 code findings, 3 dangerous combinations.

Trust Signals(3.0/10)

Users
30K
Rating
4.8(138 reviews)
Status
Featured

Dangerous Combinations(3)

HIGHCookie access + external network

Extension has cookie access and sends data to external servers — potential session token theft.

cookies+external network request
CRITICALClipboard read + external communication

Extension reads clipboard and communicates externally — potential credential or crypto address theft.

clipboardRead+external network request
CRITICALAll-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls>+keylogger_pattern
Permissions
8.0/10
Code
10.0/10
Combinations
10.0/10
Manifest/CSP
8.0/10

Permissions(226 analyzed)

Code Findings(13 patterns, 93 total)

Libraries(12 detected)

12 libraries detected

Content Security Policy

No CSP Defined(1 issue)
MEDIUM
N/ANo CSP defined

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Manifest Analysis(7 findings)

Resolved from __MSG_* i18n placeholders:

Name: BrowserGPT: ChatGPT Anywhere Powered by GPT 4

Description: Write, reword, and translate 8x faster. Reply to emails in a click. Works on Google Docs, Gmail, YouTube, Twitter, Instagram, etc.

MEDIUM
web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

MEDIUM
web_accessible_resourcesJS files exposed to web pages

JavaScript files are exposed as web-accessible resources. Matched websites can load and interact with extension scripts.

MEDIUM
web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

MEDIUM
web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

MEDIUM
content_scriptsContent script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

HIGH
content_scriptsAggressive content script injection

Content script runs at document_start in ALL frames on ALL URLs. This gives the extension deep access to every page load, including iframes.

MEDIUM
content_scriptsContent script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

External Domains(8)

blog.prototypr.iobypass.hix.aidocs.google.comemailregex.comgithub.comhix.aireactjs.orguser-images.githubusercontent.com

Indicators of Compromise

414 indicators of compromise found

File Statistics

392
Total Files
34
JS Files
69.8 MB
Total Size

Other Scanned Extensions

Urban VPN Proxy
8.2 CRITICAL
MyJDownloader Browser Extension
8.4 CRITICAL
__MSG_appName__
8.0 CRITICAL
HARPA AI: Web Automation with ChatGPT, Claude, Gemini, Grok
9.8 CRITICAL
Phantom
9.6 CRITICAL
Live Screen Recorder
8.7 CRITICAL