Is Okta Browser Plugin safe to use?

Okta Browser Plugin has a risk level of CRITICAL with an overall risk score of 8.9/10. Our scan detected 153 security findings. This extension has significant security concerns — review the full report before installing.

What permissions does Okta Browser Plugin request?

Okta Browser Plugin requests the following permissions: tabs, cookies, storage, unlimitedStorage, webRequest, webNavigation, scripting, declarativeNetRequestWithHostAccess, webRequestAuthProvider, privacy. It also requests host access to: https://*/, http://*/.

What is Okta Browser Plugin's risk score?

Okta Browser Plugin has an overall risk score of 8.9/10 (CRITICAL). Breakdown: Permissions 9.5/10, Code 10.0/10, Combinations 10.0/10, CSP 1.0/10.

ExtSafe

Okta Browser PluginSecurity Analysis

Chromev6.45.0MV3February 16, 2026 at 03:17 PM

8.9CRITICAL

8.9 CRITICAL

This extension shows critical risk indicators. It requests highly sensitive permissions combined with suspicious code patterns. Proceed with extreme caution.

Based on 12 permissions including high-risk ones, 144 code findings, 3 dangerous combinations.

Dangerous Combinations(3)

CRITICALCookie access + external network

Extension has cookie access and sends data to external servers — potential session token theft.

cookies+external network request

HIGHTab tracking + external communication

Extension tracks open tabs and communicates with external servers — potential browsing surveillance.

tabs+external network request

CRITICALNetwork interception + external communication

Extension intercepts network traffic and sends data externally — potential man-in-the-middle behavior.

webRequest/webRequestBlocking+external network request

Permissions

9.5/10

Code

10.0/10

Combinations

10.0/10

Manifest/CSP

1.0/10

Permissions(12 analyzed)

Code Findings(22 patterns, 144 total)

Libraries(4 detected)

4 libraries detected

Content Security Policy

CSP Present(1 issue)

LOW

object-srcobject-src not restricted

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Manifest Analysis(0 findings)

No manifest-level concerns found.

External Domains(47)

${t**.*.auth0.comaddons.mozilla.orgapi.eu.amplitude.comapi2.amplitude.comapp.pendo.ioapps.apple.comdata.pendo.ioexample.comfb.mefeross.orgfusejs.iogit.newgithub.comhelp.okta.comjaywcjlove.github.iojquery.comjquery.orgjs.foundationkiro.melocalhostlodash.comlogin.okta.commicrosoftedge.microsoft.commui.comnpms.iook3static.oktacdn.comokta.comopenjsf.orgpersonal.personal.clouditude.compersonal.okta.compersonal.okta1.compersonal.trexcloud.comqa-plugin-fpa-idx.trexcloud.comrain.okta1.comreactjs.orgredux.js.orgsizzlejs.comsupport.oktapersonal.comunderscorejs.orgwww.apache.orgwww.docs.developers.amplitude.comwww.framer.comwww.okta.com