Is ChatGPT for Chrome - Search AI safe to use?

ChatGPT for Chrome - Search AI has a risk level of HIGH with an overall risk score of 7.4/10. Our scan detected 98 security findings. This extension has significant security concerns — review the full report before installing.

What permissions does ChatGPT for Chrome - Search AI request?

ChatGPT for Chrome - Search AI requests the following permissions: storage, contextMenus, webRequest, declarativeNetRequest, cookies, unlimitedStorage. It also requests host access to: *://*/*, https://chatgpt.com/*.

What is ChatGPT for Chrome - Search AI's risk score?

ChatGPT for Chrome - Search AI has an overall risk score of 7.4/10 (HIGH). Breakdown: Permissions 8.0/10, Code 8.5/10, Combinations 10.0/10, CSP 5.3/10.

ExtSafe

ChatGPT for Chrome - Search AISecurity Analysis

Chromev1.0.7MV3February 18, 2026 at 11:35 AM

Potentially unsafe

This extension shows concerning patterns that may indicate risky behavior. Proceed with caution.

7.4HIGH

7.4 HIGHRaw: 8.2

This extension shows significant risk signals. Review the findings below carefully before installing or continuing to use it.

Based on 8 permissions including high-risk ones, 93 code findings, 2 dangerous combinations.

Trust Signals(2.0/10)

Users

30K

Rating

4.9(544 reviews)

Dangerous Combinations(2)

CRITICALBulk cookie access + external network

Extension uses chrome.cookies.getAll for bulk cookie access and sends data to external servers — high risk of session token theft.

cookies+chrome.cookies.getAll + external network

CRITICALNetwork interception + external communication

Extension intercepts network traffic and sends data externally — potential man-in-the-middle behavior.

webRequest/webRequestBlocking+external network request

Permissions

8.0/10

Code

8.5/10

Combinations

10.0/10

Manifest/CSP

5.3/10

Permissions(8 analyzed)

Code Findings(25 patterns, 93 total)

Libraries(4 detected)

4 libraries detected

Content Security Policy

No CSP Defined(1 issue)

MEDIUM

N/ANo CSP defined

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Manifest Analysis(3 findings)

Resolved from __MSG_* i18n placeholders:

Name: ChatGPT for Chrome - Search AI

Description: Add AI response on base ChatGPT alongside search engine results.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

MEDIUM

content_scriptsContent script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

MEDIUM

content_scriptsContent script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

External Domains(16)

*.chatgpt.com*.openai.comaapi.openai.comauth.openai.comchat.openai.comchatgpt.comfeross.orggithub.comjquery.comjquery.orgreactjs.orgsearchgptchrome.comtcr9i.chat.openai.comwww.apache.orgwww.youtube.com