Is Certisign WebSigner safe to use?

Certisign WebSigner has a risk level of MEDIUM with an overall risk score of 5.8/10. Our scan detected 35 security findings. This extension has some risks worth reviewing.

What permissions does Certisign WebSigner request?

Certisign WebSigner requests the following permissions: nativeMessaging, storage, downloads, tabs. It also requests host access to: http://*/*, https://*/*.

What is Certisign WebSigner's risk score?

Certisign WebSigner has an overall risk score of 5.8/10 (MEDIUM). Breakdown: Permissions 8.5/10, Code 6.7/10, Combinations 10.0/10, CSP 1.7/10.

ExtSafe

Certisign WebSignerSecurity Analysis

Chromev2.17.2MV3February 18, 2026 at 11:42 AM

Potentially unsafe

This extension shows concerning patterns that may indicate risky behavior. Proceed with caution.

5.8MEDIUM

5.8 MEDIUMRaw: 7.2

This extension shows some risk signals that are common in legitimate extensions but worth reviewing. Check the details below.

Based on 6 permissions including high-risk ones, 30 code findings, 2 dangerous combinations.

Trust Signals(4.3/10)

Users

1.0M

Rating

5.0(152 reviews)

Dangerous Combinations(2)

CRITICALNative messaging + dynamic code execution

Extension communicates with native apps and executes dynamic code — potential sandbox escape vector.

nativeMessaging+eval/Function/dynamic code

CRITICALAll-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls>+keylogger_pattern

Permissions

8.5/10

Code

6.7/10

Combinations

10.0/10

Manifest/CSP

1.7/10

Permissions(6 analyzed)

Code Findings(18 patterns, 30 total)

Libraries(1 detected)

1 library detected

Content Security Policy

No CSP Defined(1 issue)

MEDIUM

N/ANo CSP defined

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Manifest Analysis(0 findings)

No manifest-level concerns found.

External Domains(27)

angular.iobit.lychromewebstore.google.comcoderwall.comcodingrepo.comcrestidg.comdemos.lacunasoftware.comfx.lacunasoftware.comg.coget.websignerplugin.comgetwebpkibeta.lacunasoftware.comgithub.comkevin.vanzonneveld.netlacunasoftware.comlocalhostmaterial.angular.iopki.restraw.githubusercontent.comrestpki.comrestpki.lacunasoftware.comrestpkibeta.azurewebsites.netsnipplr.comstackoverflow.comwww.jsfromhell.comwww.openssl.orgwww.restpki.comwww.winternet.no