ExtSafe

Endpoint VerificationSecurity Analysis

Chromev1.139.0MV3February 16, 2026 at 03:36 PM
9.1CRITICAL
9.1 CRITICAL

This extension shows critical risk indicators. It requests highly sensitive permissions combined with suspicious code patterns. Proceed with extreme caution.

Based on 14 permissions including high-risk ones, 25 code findings, 1 dangerous combination.

Dangerous Combinations(1)

CRITICALCookie access + external network

Extension has cookie access and sends data to external servers — potential session token theft.

cookies+external network request
Permissions
10.0/10
Code
10.0/10
Combinations
10.0/10
Manifest/CSP
1.0/10

Permissions(14 analyzed)

Code Findings(13 patterns, 25 total)

Libraries(1 detected)

1 library detected

Content Security Policy

CSP Present(1 issue)
LOW
object-srcobject-src not restricted

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Manifest Analysis(0 findings)

Resolved from __MSG_* i18n placeholders:

Description: Allows Google Workspace administrators to view laptop and desktop status, including OS, device, and user information.

No manifest-level concerns found.

External Domains(8)

accounts.google.comdl.google.commomentjs.commy.opera.comopensource.orgpaulirish.comsupport.google.comwww.apache.org

Indicators of Compromise

10 indicators of compromise found

File Statistics

38
Total Files
6
JS Files
2.9 MB
Total Size

Other Scanned Extensions

Urban VPN Proxy
8.2 CRITICAL
BrowserGPT: ChatGPT Anywhere Powered by GPT 4
8.2 CRITICAL
MyJDownloader Browser Extension
8.4 CRITICAL
__MSG_appName__
8.0 CRITICAL
HARPA AI: Web Automation with ChatGPT, Claude, Gemini, Grok
9.8 CRITICAL
Phantom
9.6 CRITICAL