ExtSafe

Privacy BadgerSecurity Analysis

Chromev2025.12.9MV3February 18, 2026 at 12:01 PM
Potentially unsafe

This extension shows concerning patterns that may indicate risky behavior. Proceed with caution.

5.7MEDIUM
5.7 MEDIUMRaw: 8.7

This extension shows some risk signals that are common in legitimate extensions but worth reviewing. Check the details below.

Based on 398 permissions including high-risk ones, 77 code findings, 2 dangerous combinations.

Trust Signals(6.0/10)

Users
1.0M
Rating
4.4(2K reviews)
Developer
Electronic Frontier Foundation
Status
Featured

Dangerous Combinations(2)

CRITICALNetwork interception + external communication

Extension intercepts network traffic and sends data externally — potential man-in-the-middle behavior.

webRequest/webRequestBlocking+external network request
CRITICALAll-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls>+keylogger_pattern
Permissions
8.0/10
Code
9.7/10
Combinations
10.0/10
Manifest/CSP
5.8/10

Permissions(398 analyzed)

Code Findings(14 patterns, 77 total)

Libraries(9 detected)

9 libraries detected

Content Security Policy

No CSP Defined(1 issue)
MEDIUM
N/ANo CSP defined

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Manifest Analysis(3 findings)

Resolved from __MSG_* i18n placeholders:

Name: Privacy Badger

Description: Automatically learns to block hidden trackers. Made by leading digital rights nonprofit EFF to stop companies from spying on you.

MEDIUM
web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

HIGH
content_scriptsAggressive content script injection

Content script runs at document_start in ALL frames on ALL URLs. This gives the extension deep access to every page load, including iframes.

MEDIUM
content_scriptsContent script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

External Domains(57)

${domain${pattern*addons.mozilla.orgaddons.opera.comapi.jqueryui.comblogs.msdn.combsky.appbugs.chromium.orgbugs.jquery.combugs.webkit.orgbugzilla.mozilla.orgcdn.embedly.comcheckin.avianca.comchromewebstore.google.comcodereview.stackexchange.comconnect.microsoft.comcrbug.comdeveloper.x.comdevelopers.google.comdrafts.csswg.orgembed.bsky.appgithub.comgroups.google.comhtml.spec.whatwg.orgiamceege.github.ioinfra.spec.whatwg.orgissues.chromium.orgjquery.comjquery.orgjqueryui.comjsperf.commastodonshare.commicrosoftedge.microsoft.commths.beprivacybadger.orgpromisesaplus.comrumble.comselect2.github.iostackoverflow.comsupporters.eff.orgtwitter.comwww.bleepingcomputer.comwww.dplay.sewww.eff.orgwww.facebook.comwww.gnu.orgwww.html5rocks.comwww.instagram.comwww.opensource.orgwww.recaptcha.netwww.threads.netwww.tiktok.comwww.vmware.comwww.whatwg.orgwww.youtube.comzoomicon.wordpress.com

Indicators of Compromise

73 indicators of compromise found

File Statistics

167
Total Files
57
JS Files
7.8 MB
Total Size

Other Scanned Extensions

Obsidian Web Clipper
4.8 MEDIUM
ProKeys
5.2 MEDIUM
Save Image As...
3.7 MEDIUM
Image downloader - Imageye
4.2 MEDIUM
uBlock Origin Lite
5.7 MEDIUM
Stream Cleaner
4.3 MEDIUM