Is IE Tab safe to use?

IE Tab has a risk level of CRITICAL with an overall risk score of 9.7/10. Our scan detected 115 security findings. This extension has significant security concerns — review the full report before installing.

What permissions does IE Tab request?

IE Tab requests the following permissions: tabs, storage, contextMenus, webRequest, webRequestBlocking, nativeMessaging, cookies, alarms, offscreen, declarativeNetRequestWithHostAccess, downloads. It also requests host access to: , *://*.ietab.net/*.

What is IE Tab's risk score?

IE Tab has an overall risk score of 9.7/10 (CRITICAL). Breakdown: Permissions 10.0/10, Code 10.0/10, Combinations 10.0/10, CSP 7.3/10.

ExtSafe

IE TabSecurity Analysis

Chromev18.12.12.1MV3February 16, 2026 at 03:00 PM

9.7CRITICAL

9.7 CRITICAL

This extension shows critical risk indicators. It requests highly sensitive permissions combined with suspicious code patterns. Proceed with extreme caution.

Based on 13 permissions including high-risk ones, 106 code findings, 5 dangerous combinations.

Dangerous Combinations(5)

CRITICALCookie access + external network

Extension has cookie access and sends data to external servers — potential session token theft.

cookies+external network request

HIGHTab tracking + external communication

Extension tracks open tabs and communicates with external servers — potential browsing surveillance.

tabs+external network request

CRITICALNetwork interception + external communication

Extension intercepts network traffic and sends data externally — potential man-in-the-middle behavior.

webRequest/webRequestBlocking+external network request

CRITICALNative messaging + dynamic code execution

Extension communicates with native apps and executes dynamic code — potential sandbox escape vector.

nativeMessaging+eval/Function/dynamic code

CRITICALAll-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls>+keylogger_pattern

Permissions

10.0/10

Code

10.0/10

Combinations

10.0/10

Manifest/CSP

7.3/10

Permissions(13 analyzed)

Code Findings(29 patterns, 106 total)

Libraries(1 detected)

1 library detected

Content Security Policy

CSP Present(1 issue)

LOW

object-srcobject-src not restricted

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Manifest Analysis(4 findings)

Resolved from __MSG_* i18n placeholders:

Description: Display web pages using IE within Chrome. Use Java, Silverlight, ActiveX, Sharepoint, and more.

HIGH

web_accessible_resourcesJS files exposed to web pages

JavaScript files are accessible to ALL websites. Any page can load and interact with these scripts, enabling web→extension attacks.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

LOW

externally_connectableExternal messaging enabled

Extension accepts messages from 1 external pattern(s). Verify these are trusted origins.

MEDIUM

content_scriptsContent script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

External Domains(20)

127.0.0.1blog.chromium.orgcode.google.comdynamodb.github.comgroups.google.comhub.ietab.netissues.chromium.orglping.ietab.netmail.google.commit-license.orgmsdn.microsoft.comsecuretoken.googleapis.comstackoverflow.comstijndewitt.comwww.apache.orgwww.googleapis.comwww.ietab.netwww.microsoft.comwww.stucox.com