Is Hola VPN - Your Website Unblocker safe to use?

Hola VPN - Your Website Unblocker has a risk level of CRITICAL with an overall risk score of 9.5/10. Our scan detected 214 security findings. This extension has significant security concerns — review the full report before installing.

What permissions does Hola VPN - Your Website Unblocker request?

Hola VPN - Your Website Unblocker requests the following permissions: proxy, webRequest, storage, tabs, webNavigation, cookies, scripting, webRequestAuthProvider, declarativeNetRequest, management. It also requests host access to: *://*/*, https://*.hola.org/*, https://*.zspeed-cdn.com/*, https://*.h-vpn.org/*, https://*.holavpn.com/*, https://*.holavpnworld.com/*, https://*.holavpnextension.com/*, https://*.holavpninstaller.com/*, https://*.holasof.com/*, https://*.holabrowser.com/*, https://*.holafreevpn.com/*, https://*.holavpnrussia.com/*, https://*.hola-vpn.com/*, https://*.holax.io/*, https://*.holavpn.net/*, https://*.holavpnandroid.com/*, https://*.c6gj-static.net/*, https://*.su89-cdn.net/*, https://*.yd6n63ptky.com/*, https://*.yg5sjx5kzy.com/*, https://*.kbz0pwvxmv.com/*, https://*.wbzby2a2k9.com/*, https://*.hola-compat.com/*, https://*.x-cdn-static.com/*, https://*.mc5smy5d7h.com/*, https://*.tszbegfdw9.com/*, *://new-tab-page/*, *://hola-new-tab-page/*, *://hola-diagnostics/*, *://hola-settings/*, *://settings/*.

What is Hola VPN - Your Website Unblocker's risk score?

Hola VPN - Your Website Unblocker has an overall risk score of 9.5/10 (CRITICAL). Breakdown: Permissions 10.0/10, Code 10.0/10, Combinations 10.0/10, CSP 5.0/10.

ExtSafe

Hola VPN - Your Website UnblockerSecurity Analysis

Chromev1.250.91MV3February 16, 2026 at 03:00 PM

9.5CRITICAL

9.5 CRITICAL

This extension shows critical risk indicators. It requests highly sensitive permissions combined with suspicious code patterns. Proceed with extreme caution.

Based on 41 permissions including high-risk ones, 175 code findings, 4 dangerous combinations.

Dangerous Combinations(4)

CRITICALCookie access + external network

Extension has cookie access and sends data to external servers — potential session token theft.

cookies+external network request

HIGHTab tracking + external communication

Extension tracks open tabs and communicates with external servers — potential browsing surveillance.

tabs+external network request

CRITICALNetwork interception + external communication

Extension intercepts network traffic and sends data externally — potential man-in-the-middle behavior.

webRequest/webRequestBlocking+external network request

CRITICALExtension management + dynamic code execution

Extension manages other extensions and executes dynamic code — behavior consistent with malware dropper.

management+eval/Function/dynamic code

Permissions

10.0/10

Code

10.0/10

Combinations

10.0/10

Manifest/CSP

5.0/10

Permissions(41 analyzed)

Code Findings(26 patterns, 175 total)

Libraries(4 detected)

4 libraries detected

Content Security Policy

CSP Present(1 issue)

LOW

object-srcobject-src not restricted

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Manifest Analysis(2 findings)

Resolved from __MSG_* i18n placeholders:

Name: Hola VPN - Your Website Unblocker

Description: The easiest way to access the Borderless Internet, Hola VPN gets you Access to the global online content you want!

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

External Domains(72)

${agent.host${d${domain${host${root_url${url${www_host*.c6gj-static.net*.h-vpn.org*.hola-compat.com*.hola-vpn.com*.hola.org*.holabrowser.com*.holafreevpn.com*.holasof.com*.holavpn.com*.holavpn.net*.holavpnandroid.com*.holavpnextension.com*.holavpninstaller.com*.holavpnrussia.com*.holavpnworld.com*.holax.io*.kbz0pwvxmv.com*.mc5smy5d7h.com*.su89-cdn.net*.tszbegfdw9.com*.wbzby2a2k9.com*.x-cdn-static.com*.yd6n63ptky.com*.yg5sjx5kzy.com*.zspeed-cdn.com208.68.38.214__hola__.pac_get_init_ts.local.hola__hola__.pac_get_last_proxied_hosts.local.hola__hola__.set.addons.mozilla.orgaddons.opera.combrowserhacks.comcdn4.hola.orgchromewebstore.google.comclient-cdn4.hola.orgclient.hola.orgclient.zspeed-cdn.comdisney.comedge.api.brightcove.comfb.megithub.comgoogle.comhola-sitepic.b-cdn.nethola.orgjedwatson.github.iolive.bleacherreport.commediaplayer.itv.commicrosoftedge.microsoft.comperr.hola.orgplay.hbonow.comreactjs.orgsupport.kaspersky.comunderscorejs.orgvdkd6nz8qr.s3.amazonaws.comweb.hola.orgwww.bet365.comwww.cwtv.comwww.dropbox.comwww.globaltv.comwww.netflix.comwww.ondemandkorea.comwww.opensource.orgwww.southparkstudios.nuwww.sprint.comwww.trustpilot.com