Is Malwarebytes Browser Guard safe to use?

Malwarebytes Browser Guard has a risk level of CRITICAL with an overall risk score of 9.7/10. Our scan detected 138 security findings. This extension has significant security concerns — review the full report before installing.

What permissions does Malwarebytes Browser Guard request?

Malwarebytes Browser Guard requests the following permissions: alarms, downloads, storage, tabs, declarativeNetRequest, declarativeNetRequestFeedback, unlimitedStorage, webRequest, contextMenus, nativeMessaging, activeTab, scripting, clipboardRead, clipboardWrite. It also requests host access to: , https://browserguard.local/*, http://*/*, https://*/*, https://myaccount.google.com/*, https://www.linkedin.com/*.

What is Malwarebytes Browser Guard's risk score?

Malwarebytes Browser Guard has an overall risk score of 9.7/10 (CRITICAL). Breakdown: Permissions 10.0/10, Code 10.0/10, Combinations 10.0/10, CSP 7.0/10.

ExtSafe

Malwarebytes Browser GuardSecurity Analysis

Chromev3.1.3MV3February 16, 2026 at 02:54 PM

9.7CRITICAL

9.7 CRITICAL

This extension shows critical risk indicators. It requests highly sensitive permissions combined with suspicious code patterns. Proceed with extreme caution.

Based on 20 permissions including high-risk ones, 123 code findings, 5 dangerous combinations.

Dangerous Combinations(5)

HIGHTab tracking + external communication

Extension tracks open tabs and communicates with external servers — potential browsing surveillance.

tabs+external network request

CRITICALNetwork interception + external communication

Extension intercepts network traffic and sends data externally — potential man-in-the-middle behavior.

webRequest/webRequestBlocking+external network request

CRITICALClipboard read + external communication

Extension reads clipboard and communicates externally — potential credential or crypto address theft.

clipboardRead+external network request

CRITICALNative messaging + dynamic code execution

Extension communicates with native apps and executes dynamic code — potential sandbox escape vector.

nativeMessaging+eval/Function/dynamic code

CRITICALAll-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls>+keylogger_pattern

Permissions

10.0/10

Code

10.0/10

Combinations

10.0/10

Manifest/CSP

7.0/10

Permissions(20 analyzed)

Code Findings(24 patterns, 123 total)

Content Security Policy

CSP Present

Manifest Analysis(4 findings)

Resolved from __MSG_* i18n placeholders:

Description: Block malware, scams, phishing and trackers for safer, faster browsing.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

HIGH

web_accessible_resourcesJS files exposed to web pages

JavaScript files are accessible to ALL websites. Any page can load and interact with these scripts, enabling web→extension attacks.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

LOW

externally_connectableExternal messaging enabled

Extension accepts messages from 1 external pattern(s). Verify these are trusted origins.

External Domains(32)

${c${dt.productcode${e${taccounts.google.comblog.malwarebytes.combugs.chromium.orgbugs.webkit.orgbugzilla.mozilla.orggithub.comhubble.mb-cosmos.comlinks.malwarebytes.comlocalhostmalwarebytes.commy.malwarebytes.commyaccount.google.como438337.ingest.sentry.ioreact.devreactrouter.coms.alchemer.comsirius-staging.mwbsys.comsirius.mwbsys.comstaging-hubble.mb-cosmos.comsupport.malwarebytes.comtailwindcss.comwww.example.comwww.instagram.comwww.linkedin.comwww.malwarebytes.comwww.youtube.comx.comyt3.ggpht.com