Is Ghostery Tracker & Ad Blocker - Privacy AdBlock safe to use?

Ghostery Tracker & Ad Blocker - Privacy AdBlock has a risk level of CRITICAL with an overall risk score of 9.7/10. Our scan detected 194 security findings. This extension has significant security concerns — review the full report before installing.

What permissions does Ghostery Tracker & Ad Blocker - Privacy AdBlock request?

Ghostery Tracker & Ad Blocker - Privacy AdBlock requests the following permissions: alarms, cookies, declarativeNetRequest, declarativeNetRequestFeedback, webNavigation, storage, scripting, tabs, activeTab, webRequest, offscreen. It also requests host access to: http://*/*, https://*/*, ws://*/*, wss://*/*, *://www.youtube.com/*.

What is Ghostery Tracker & Ad Blocker - Privacy AdBlock's risk score?

Ghostery Tracker & Ad Blocker - Privacy AdBlock has an overall risk score of 9.7/10 (CRITICAL). Breakdown: Permissions 10.0/10, Code 10.0/10, Combinations 10.0/10, CSP 7.0/10.

ExtSafe

Ghostery Tracker & Ad Blocker - Privacy AdBlockSecurity Analysis

Chromev10.5.29MV3February 16, 2026 at 03:48 PM

9.7CRITICAL

9.7 CRITICAL

This extension shows critical risk indicators. It requests highly sensitive permissions combined with suspicious code patterns. Proceed with extreme caution.

Based on 16 permissions including high-risk ones, 182 code findings, 4 dangerous combinations.

Dangerous Combinations(4)

CRITICALCookie access + external network

Extension has cookie access and sends data to external servers — potential session token theft.

cookies+external network request

HIGHTab tracking + external communication

Extension tracks open tabs and communicates with external servers — potential browsing surveillance.

tabs+external network request

CRITICALNetwork interception + external communication

Extension intercepts network traffic and sends data externally — potential man-in-the-middle behavior.

webRequest/webRequestBlocking+external network request

CRITICALAll-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls>+keylogger_pattern

Permissions

10.0/10

Code

10.0/10

Combinations

10.0/10

Manifest/CSP

7.0/10

Permissions(16 analyzed)

Code Findings(30 patterns, 182 total)

Libraries(1 detected)

1 library detected

Content Security Policy

CSP Present(1 issue)

LOW

object-srcobject-src not restricted

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Manifest Analysis(3 findings)

Resolved from __MSG_* i18n placeholders:

Name: Ghostery Tracker & Ad Blocker - Privacy AdBlock

Description: Powerful and easy-to-use privacy extension. Block ads, trackers & speed up your web.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

HIGH

web_accessible_resourcesJS files exposed to web pages

JavaScript files are accessible to ALL websites. Any page can load and interact with these scripts, enabling web→extension attacks.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

External Domains(133)

${domain${ghostery_domain${host_${s${stagingmode((www**.*.${domainabc.testad.doubleclick.netadblockplus.orgaddons.mozilla.orgaddons.opera.comadguard.appadguard.comanonymous-communication.ghostery.netapi.ghostery.netapps.apple.combase64.gurubgrins.github.ioblocksurvey.iobugs.chromium.orgbugs.webkit.orgbugzilla.mozilla.orgcdn.ghostery.comcdn.plot.lycdn2.ghostery.comchromewebstore.google.comchromium.googlesource.comcmp-consent-toolcmp-consent-tool.privacymanager.iocodepen.ioconsentconsent-prefconsent.google.consent.youtube.consent.youtube.comcrbug.comd.ghostery.comdatatracker.ietf.orgdev.w3.orgdeveloper.apple.comdom.spec.whatwg.orgdomain.comdrafts.csswg.orgduckduckgo.comdustindiaz.comedgemobileapp.microsoft.comen.wikipedia.orgencoding.spec.whatwg.orgeslint.orgespace-personnelexample.comexample.orgexample.testfoo.bar.bazfrog.wix.comgdpr-legal-cookie.myshopify.comgdpr.eugeorgemauer.netghostery.comgist.github.comgithub.comgoogle.comgraphics.stanford.edugroups.google.comhelp.adblockplus.orghelp.eyeo.comhtml.spec.whatwg.orginfra.spec.whatwg.orgjigsaw.w3.orgkb.adguard.comman7.orgmaps.googleapis.commathiasbynens.bemicrosoftedge.microsoft.commozilla.orgmsdn.microsoft.commygho.stnosokonlyfansopensource.apple.comopensource.orgouraringourworldindataowasp.orgpolicies.google.compolicy.medium.compovrprivacycg.github.ioproductzpytorch.orgraw.githubusercontent.comrog-forumsafe-browsing-quorum.privacy.ghostery.netsearch.brave.comsearchfox.orgsheetjs.comstackoverflow.comstaging-cdn.ghostery.comstaging-d.ghostery.comsvgwg.orgsyndicatedsearch.googtatrck.comthekevinscott.comtinyurltools.ietf.orgtracking.comwhotracks.mewwwwww.${ghostery_domainwww.adaltas.comwww.anthropic.comwww.bing.comwww.bohemiancoding.comwww.cse.yorku.cawww.dailymotion.comwww.desmos.comwww.ghostery.comwww.ghosterystage.comwww.gnu.orgwww.googleadservices.comwww.googletagmanager.comwww.kennethmoreland.comwww.opensource.apple.comwww.yaml.orgwww.youtube.comxyangtonghome.github.iozlib.net