MEGA has a risk level of MEDIUM with an overall risk score of 3.1/10. Our scan detected 328 security findings. This extension has some risks worth reviewing.

What permissions does MEGA request?

MEGA requests the following permissions: unlimitedStorage, declarativeNetRequest. It also requests host access to: https://mega.nz/*.

What is MEGA's risk score?

MEGA has an overall risk score of 3.1/10 (MEDIUM). Breakdown: Permissions 6.5/10, Code 7.4/10, Combinations 0.0/10, CSP 1.7/10.

ExtSafe

MEGASecurity Analysis

Chromev6.26.0MV3March 16, 2026 at 05:01 PM

Use with caution

This extension requests significant permissions. It has 1M+ users, a 4.6 star rating, but review the findings below.

3.1MEDIUM

3.1 MEDIUMRaw: 4.8

This extension shows some risk signals that are common in legitimate extensions but worth reviewing. Check the details below.

Based on 3 permissions including high-risk ones, 326 code findings.

Trust Signals(6.0/10)

Users

1.0M

Rating

4.6(7K reviews)

Status

Featured

Permissions

6.5/10

Code

7.4/10

Combinations

0.0/10

Manifest/CSP

1.7/10

Permissions(3 analyzed)

Code Findings(30 patterns, 326 total)

Libraries(8 detected)

8 libraries detected, 3 with known vulnerabilities

Content Security Policy

CSP Present

Manifest Analysis(1 finding)

Resolved from __MSG_* i18n placeholders:

Description: Secure cloud storage, chat, and meetings

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

External Domains(198)

${adomain${base_domain.replace(${host${location.host${url0.0.0.00.255.255.25510.0.0.010.255.255.255100.127.255.255100.64.0.0127.0.0.0127.0.0.1127.255.255.255169.254.0.0169.254.255.255172.16.0.0172.31.255.255192.0.0.0192.0.0.255192.0.2.0192.0.2.255192.168.0.0192.168.2.3192.168.255.255192.88.99.0192.88.99.255198.18.0.0198.19.255.255198.51.100.0198.51.100.255203.0.113.0203.0.113.255224.0.0.0239.255.255.255240.0.0.024ways.org255.255.255.255addons.mozilla.orgadodson.comapi.centili.comapi.jqueryui.comappgallery.huawei.comapps.apple.comappworld.blackberry.comasmjs.orgauthy.combeta.mega.nz.bit.lybitbucket.orgblog.codinghorror.comblog.ejci.netblog.mega.iobrett-zamir.mebt7.api.mega.co.nzbugs.chromium.orgbugs.jquery.combugs.jqueryui.combugs.webkit.orgbugzilla.mozilla.orgburtleburtle.netcaniuse.comcareers.mega.nzchartjs.gitbooks.iochartjs.orgchromewebstore.google.comcode.google.comcodemirror.netcodepen.ioconnect.microsoft.comcrbug.comdavidwalsh.namedev.w3.orgdeveloper.ean.comdexie.orgdl.dropboxusercontent.comdocs.closure-library.googlecode.comdocxdrafts.csswg.orgduo.comen.chahaoba.comen.wikipedia.orgeu.static.mega.co.nzexample.comg.api.mega.co.nzg.static.mega.co.nzgiphy.mega.nzgist.github.comgithub.comgoogle.comhelp.mega.iohtml.spec.whatwg.orginfra.spec.whatwg.orginstagram.comionden.comitunes.apple.comjp.static.mega.co.nzjquery.comjquery.orgjquerymobile.comjqueryui.comjqueryvalidation.orgjsperf.comkevin.vanzonneveld.netlab.ejci.netlocalhostlocalhost.megasyncloopback.mega.nzlocalhost.save-file.mega.nzmarijnhaverbeke.nlmath.stackexchange.commathiasbynens.github.iome.gamega.${mega.tldmega.6media.twmega.appmega.bwm-mediasoft.commega.iomega.nzmega.nz.megapay.nzmicrosoftedge.microsoft.commomentjs.commsdn.microsoft.commy.cloudbasedbackup.comna.static.mega.co.nznadikun.comnewplace.to.link.hashtag.handles.tonewplace.to.link.mention.tonewplace.to.link.phone.numbers.toplay.google.compromisesaplus.comraw.github.comreactjs.orgrumkin.comscaledinnovation.comschema.orgschemas.microsoft.comschemas.openxmlformats.orgsites.google.comsmkstatic.transfer.itsmoketest.static.mega.nzsoundcloud.comst.transfer.itstackoverflow.comstaging.api.mega.co.nzstats.sfu.mega.co.nzstuartk.comstuk.github.iosupport.google.comsupport.tiktok.comsurvey.mega.co.nzthekevinscott.comtools.ietf.orgtransfer.ittweetnacl.cr.yp.totwemoji.maxcdn.comtwitter.comunderscorejs.orgunicode.orgw3.orgwhatsmyuseragent.comwicg.github.iowiki.multimedia.cxwww.anujgakhar.comwww.apache.orgwww.astropay.comwww.awaresystems.bewww.coinify.comwww.d-project.comwww.denso-wave.comwww.enterpriseios.comwww.example.comwww.facebook.comwww.gnu.orgwww.howtocallabroad.comwww.html5canvastutorials.comwww.instagram.comwww.linkedin.comwww.microsoft.comwww.nathanaeljones.comwww.opensource.orgwww.paulirish.comwww.qrstuff.comwww.remotesensing.orgwww.robertpenner.comwww.sno.phy.queensu.cawww.stopitnow.org.ukwww.test.comwww.threads.netwww.tiktok.comwww.twitter.comwww.unicode.orgwww.yahoo.comwww.yahoo.com&ltwww.youtube.comwww.zlib.netxregexp.comyahoo.com