Is Multi Chat - Messenger for WhatsApp safe to use?

Multi Chat - Messenger for WhatsApp has a risk level of CRITICAL with an overall risk score of 9.3/10. Our scan detected 27 security findings. This extension has significant security concerns — review the full report before installing.

What permissions does Multi Chat - Messenger for WhatsApp request?

Multi Chat - Messenger for WhatsApp requests the following permissions: tabs, storage, contextMenus, system.display, declarativeNetRequest, declarativeNetRequestWithHostAccess. It also requests host access to: *://*/*, *://web.telegram.org/*, *://web.whatsapp.com/*, *://web.skype.com/*, *://mikeappssrc.com/*.

What is Multi Chat - Messenger for WhatsApp's risk score?

Multi Chat - Messenger for WhatsApp has an overall risk score of 9.3/10 (CRITICAL). Breakdown: Permissions 10.0/10, Code 9.9/10, Combinations 7.0/10, CSP 6.7/10.

ExtSafe

Multi Chat - Messenger for WhatsAppSecurity Analysis

Chromev1.1.20MV3February 16, 2026 at 03:55 PM

9.3CRITICAL

9.3 CRITICAL

This extension shows critical risk indicators. It requests highly sensitive permissions combined with suspicious code patterns. Proceed with extreme caution.

Based on 11 permissions including high-risk ones, 19 code findings, 1 dangerous combination.

Dangerous Combinations(1)

HIGHTab tracking + external communication

Extension tracks open tabs and communicates with external servers — potential browsing surveillance.

tabs+external network request

Permissions

10.0/10

Code

9.9/10

Combinations

7.0/10

Manifest/CSP

6.7/10

Permissions(11 analyzed)

Code Findings(11 patterns, 19 total)

Libraries(1 detected)

1 library detected

Content Security Policy

No CSP Defined(1 issue)

MEDIUM

N/ANo CSP defined

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Manifest Analysis(2 findings)

Resolved from __MSG_* i18n placeholders:

Name: Multi Chat - Messenger for WhatsApp

Description: Open WhatsApp and other popular messengers on desktop easily and get access to all your chats from mobile.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

HIGH

content_scriptsAggressive content script injection

Content script runs at document_start in ALL frames on ALL URLs. This gives the extension deep access to every page load, including iframes.

External Domains(15)

app.slack.comcrewapp.comdiscord.comhangouts.google.cominstagram.comm.facebook.commessenger.commessenger.yahoo.commikeappssrc.comtimeline.line.metwitter.comweb.skype.comweb.telegram.orgweb.wechat.comweb.whatsapp.com