ExtSafe

Microsoft Bing Search with RewardsSecurity Analysis

Chromev2.23MV3February 16, 2026 at 03:28 PM
9.3CRITICAL
9.3 CRITICAL

This extension shows critical risk indicators. It requests highly sensitive permissions combined with suspicious code patterns. Proceed with extreme caution.

Based on 9 permissions including high-risk ones, 34 code findings, 1 dangerous combination.

Dangerous Combinations(1)

CRITICALCookie access + external network

Extension has cookie access and sends data to external servers — potential session token theft.

cookies+external network request
Permissions
10.0/10
Code
10.0/10
Combinations
10.0/10
Manifest/CSP
3.3/10

Permissions(9 analyzed)

Code Findings(14 patterns, 34 total)

Libraries(1 detected)

1 library detected, 1 with known vulnerabilities

Content Security Policy

No CSP Defined(1 issue)
MEDIUM
N/ANo CSP defined

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Manifest Analysis(1 finding)

Resolved from __MSG_* i18n placeholders:

Name: Microsoft Bing Search with Rewards

Description: Use the Microsoft Rewards extension to find new ways to earn every day, easily track your points and set your default search to Bing

LOW
externally_connectableExternal messaging enabled

Extension accepts messages from 2 external pattern(s). Verify these are trusted origins.

External Domains(9)

browserdefaults.chinacloudsites.cnbrowserdefaults.microsoft.comdc.services.visualstudio.comgo.microsoft.commsasg.visualstudio.comprivacy.microsoft.comservices.bingapis.comwww.bing.comwww.microsoft.com

Indicators of Compromise

10 indicators of compromise found

File Statistics

131
Total Files
13
JS Files
1.5 MB
Total Size

Other Scanned Extensions

Urban VPN Proxy
8.2 CRITICAL
BrowserGPT: ChatGPT Anywhere Powered by GPT 4
8.2 CRITICAL
MyJDownloader Browser Extension
8.4 CRITICAL
__MSG_appName__
8.0 CRITICAL
HARPA AI: Web Automation with ChatGPT, Claude, Gemini, Grok
9.8 CRITICAL
Phantom
9.6 CRITICAL