Is Reddit Enhancement Suite safe to use?

Reddit Enhancement Suite has a risk level of HIGH with an overall risk score of 6.2/10. Our scan detected 82 security findings. This extension has significant security concerns — review the full report before installing.

What permissions does Reddit Enhancement Suite request?

Reddit Enhancement Suite requests the following permissions: tabs, history, storage, unlimitedStorage, webRequest, scripting, downloads, geolocation. It also requests host access to: https://*.reddit.com/*.

What is Reddit Enhancement Suite's risk score?

Reddit Enhancement Suite has an overall risk score of 6.2/10 (HIGH). Breakdown: Permissions 8.5/10, Code 8.4/10, Combinations 10.0/10, CSP 2.2/10.

ExtSafe

Reddit Enhancement SuiteSecurity Analysis

Chromev5.24.8MV3February 18, 2026 at 11:48 AM

Potentially unsafe

This extension shows concerning patterns that may indicate risky behavior. Proceed with caution.

6.2HIGH

6.2 HIGHRaw: 7.8

This extension shows significant risk signals. Review the findings below carefully before installing or continuing to use it.

Based on 9 permissions including high-risk ones, 75 code findings, 2 dangerous combinations.

Trust Signals(5.0/10)

Users

1.0M

Rating

4.5(4K reviews)

Status

Featured

Dangerous Combinations(2)

CRITICALNetwork interception + external communication

Extension intercepts network traffic and sends data externally — potential man-in-the-middle behavior.

webRequest/webRequestBlocking+external network request

HIGHHistory access + external communication

Extension reads browsing history and sends data externally — potential history exfiltration.

history+external network request

Permissions

8.5/10

Code

8.4/10

Combinations

10.0/10

Manifest/CSP

2.2/10

Permissions(9 analyzed)

Code Findings(17 patterns, 75 total)

Libraries(2 detected)

2 libraries detected

Content Security Policy

CSP Present(1 issue)

LOW

object-srcobject-src not restricted

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Manifest Analysis(1 finding)

MEDIUM

web_accessible_resourcesJS files exposed to web pages

JavaScript files are exposed as web-accessible resources. Matched websites can load and interact with extension scripts.

External Domains(47)

${user500px.coma.bime.ioaar.liabout.archilogic.comapi.gfycat.comapi.giphy.comapi.github.comarchive.foarchive.isassetcdn.500px.orgassets-cdn.github.combackend.deviantart.combsky.appcdn.gifs.comcfl.dropboxstatic.comclyp.itcodepen.ioconformance.dashif.orgcoub.comd2cjvbryygm0lr.cloudfront.netdashif.orgderpibooru.orgembed.bsky.appflic.krgamerdvr.comgetyarn.iogfycat.comgifs.comgithub.comhtml.spec.whatwg.orgi.deviantart.netmaps.google.compromisesaplus.comredditenhancementsuite.coms.yimg.comshare.gifyoutube.comstatic1.dmcdn.nettime.akamai.comwww.adultswim.comwww.dailymotion.comwww.facebook.comwww.flickr.comwww.honestbleeps.comwww.reddit.comwww.smpte-ra.orgy