Is Online Security safe to use?

Online Security has a risk level of CRITICAL with an overall risk score of 9.6/10. Our scan detected 64 security findings. This extension has significant security concerns — review the full report before installing.

What permissions does Online Security request?

Online Security requests the following permissions: storage, unlimitedStorage, management, tabs, declarativeNetRequest, downloads, downloads.shelf, downloads.open, notifications, webNavigation, contextMenus, contentSettings, browsingData, history, nativeMessaging, idle, alarms, cookies. It also requests host access to: .

What is Online Security's risk score?

Online Security has an overall risk score of 9.6/10 (CRITICAL). Breakdown: Permissions 10.0/10, Code 10.0/10, Combinations 10.0/10, CSP 6.3/10.

ExtSafe

Online SecuritySecurity Analysis

Chromev7.5.0MV3February 16, 2026 at 02:53 PM

9.6CRITICAL

9.6 CRITICAL

This extension shows critical risk indicators. It requests highly sensitive permissions combined with suspicious code patterns. Proceed with extreme caution.

Based on 19 permissions including high-risk ones, 52 code findings, 5 dangerous combinations.

Dangerous Combinations(5)

CRITICALCookie access + external network

Extension has cookie access and sends data to external servers — potential session token theft.

cookies+external network request

HIGHTab tracking + external communication

Extension tracks open tabs and communicates with external servers — potential browsing surveillance.

tabs+external network request

HIGHHistory access + external communication

Extension reads browsing history and sends data externally — potential history exfiltration.

history+external network request

CRITICALExtension management + dynamic code execution

Extension manages other extensions and executes dynamic code — behavior consistent with malware dropper.

management+eval/Function/dynamic code

CRITICALNative messaging + dynamic code execution

Extension communicates with native apps and executes dynamic code — potential sandbox escape vector.

nativeMessaging+eval/Function/dynamic code

Permissions

10.0/10

Code

10.0/10

Combinations

10.0/10

Manifest/CSP

6.3/10

Permissions(19 analyzed)

Code Findings(22 patterns, 52 total)

Libraries(4 detected)

4 libraries detected

Content Security Policy

No CSP Defined(1 issue)

MEDIUM

N/ANo CSP defined

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Manifest Analysis(3 findings)

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

LOW

externally_connectableExternal messaging enabled

Extension accepts messages from 5 external pattern(s). Verify these are trusted origins.

MEDIUM

content_scriptsContent script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

External Domains(18)

${eapi.jqueryui.comapp-beta.getmozo.comapp.getmozo.comcdn.reasonlabs.comextgw.mozoapi.comextgw.mozointernal.netfb.mefeross.orggithub.cominsights.onlinesecurityext.comjquery.orgjqueryui.comlocalhostlp.getmozo.comonlinesecurity-app.comreactjs.orgwww.instagram.com