Is Cyberhaven security extension V3 safe to use?

Cyberhaven security extension V3 has a risk level of HIGH with an overall risk score of 7.3/10. Our scan detected 234 security findings. This extension has significant security concerns — review the full report before installing.

What permissions does Cyberhaven security extension V3 request?

Cyberhaven security extension V3 requests the following permissions: alarms, tabs, downloads, webNavigation, webRequest, storage, cookies, scripting, management. It also requests host access to: , *://*.notion.so/*, https://*.proton.me/*, https://wetransfer.com/*, https://*.wetransfer.com/*, *://app.smartsheet.com/*, *://*.officeapps.live.com/*, *://*.sharepoint.com/*/sharedialog.aspx*, *://*.sharepoint.com/*, *://*.office.com/onedrive/*auth=2*, *://*.microsoft365.com/onedrive/*auth=2*, *://m365.cloud.microsoft/onedrive/*auth=2*, *://*.reddit.com/*, *://*.openai.com/*, *://*.chatgpt.com/*, *://*.chat.com/*, *://outlook.office.com/*, *://outlook.office365.com/*, *://outlook.live.com/*, *://www.office.com/*, *://www.microsoft365.com/*, *://*.odwebp.svc.ms/*, *://m365.cloud.microsoft/*, *://word.cloud.microsoft/*, *://excel.cloud.microsoft/*, *://powerpoint.cloud.microsoft/*, *://teams.microsoft.com/v2/*, *://copilot.microsoft.com/*, *://copilot.cloud.microsoft/*, *://m365.cloud.microsoft/chat/*auth=2*, *://*.live.com/*, *://*.office.com/*, *://*.microsoft.com/*, *://*.icloud.com/*, *://mail.google.com/drivesharing/driveshare*, *://mail.google.com/*, *://chat.google.com/*/mole/world*lts=chat*, *://mail.google.com/chat/*, *://docs.google.com/picker*, *://gemini.google.com/*, *://drive.google.com/drivesharing/driveshare*, *://docs.google.com/drivesharing/driveshare*, *://drive.google.com/*, *://docs.google.com/*, *://*.google.com/*, *://*.gitlab.com/*, *://*.github.dev/*, *://*.github.com/*, *://*.githubusercontent.com/*, *://*.lightning.force.com/*, https://*.figma.com/*, https://*.expensify.com/*, *://*.dropbox.com/*, https://*.docusign.com/*, *://*.deepseek.com/*, *://*.box.com/*, https://airtable.com/*, *://*.perplexity.ai/*, *://*.claude.ai/*.

What is Cyberhaven security extension V3's risk score?

Cyberhaven security extension V3 has an overall risk score of 7.3/10 (HIGH). Breakdown: Permissions 8.5/10, Code 7.8/10, Combinations 10.0/10, CSP 5.8/10.

ExtSafe

Cyberhaven security extension V3Security Analysis

Chromev25.10.5MV3February 18, 2026 at 12:07 PM

Potentially unsafe

This extension shows concerning patterns that may indicate risky behavior. Proceed with caution.

Known Security Incidents(1)

Critical2024-12Resolved

Supply chain attack — malicious code injected

Attacker compromised a Cyberhaven employee's Chrome Web Store credentials via phishing and pushed a malicious update that exfiltrated cookies and auth tokens.

View source →

7.3HIGH

7.3 HIGHRaw: 8.1

This extension shows significant risk signals. Review the findings below carefully before installing or continuing to use it.

Based on 68 permissions including high-risk ones, 168 code findings, 4 dangerous combinations.

Trust Signals(3.0/10)

Users

100K

Rating

3.5(5 reviews)

Dangerous Combinations(4)

HIGHCookie access + external network

Extension has cookie access and sends data to external servers — potential session token theft.

cookies+external network request

MEDIUMTab tracking API + external communication

Extension uses tab tracking APIs (onUpdated/query) and communicates with external servers — potential browsing surveillance.

tabs+tabs API usage + external network

CRITICALNetwork interception + external communication

Extension intercepts network traffic and sends data externally — potential man-in-the-middle behavior.

webRequest/webRequestBlocking+external network request

CRITICALExtension management + dynamic code execution

Extension manages other extensions and executes dynamic code — behavior consistent with malware dropper.

management+eval/Function/dynamic code

Permissions

8.5/10

Code

7.8/10

Combinations

10.0/10

Manifest/CSP

5.8/10

Permissions(68 analyzed)

Code Findings(23 patterns, 168 total)

Content Security Policy

CSP Present(1 issue)

LOW

object-srcobject-src not restricted

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Manifest Analysis(3 findings)

HIGH

web_accessible_resourcesJS files exposed to web pages

JavaScript files are accessible to ALL websites. Any page can load and interact with these scripts, enabling web→extension attacks.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

HIGH

content_scriptsAggressive content script injection

Content script runs at document_start in ALL frames on ALL URLs. This gives the extension deep access to every page load, including iframes.

External Domains(26)

${i${r*.boxcloud.com*.my.salesforce.com*.sharepoint.com*.svc.msapp.box.comclients6.google.comdev-connector.enterprise.slack.comdocs.google.comdrivefrontend-pa.clients6.google.comdrivesharefrontend-pa.clients6.google.comexample.comgithub.comgitlab.comgraph.microsoft.comlookerstudio.google.comnn${t.startswith(setup.icloud.comsupport.cyberhaven.ioupload.docs.google.comwww.cyberhaven.comwww.expensify.comwww.notion.sowww.reddit.com