Is SEOquake safe to use?

SEOquake has a risk level of MEDIUM with an overall risk score of 4.4/10. Our scan detected 50 security findings. This extension has some risks worth reviewing.

What permissions does SEOquake request?

SEOquake requests the following permissions: contextMenus, storage, scripting, tabs. It also requests host access to: *://*/*, http://*/*, https://*/*, http://ipv4.google.com/sorry/IndexRedirect*, https://ipv4.google.com/sorry/IndexRedirect*, http://ipv4.google.com/sorry/index*, https://ipv4.google.com/sorry/index*, *://*.yandex.ru/showcaptcha*, *://yandex.ru/showcaptcha*, *://*.yandex.ua/showcaptcha*, *://yandex.ua/showcaptcha*, *://*.yandex.by/showcaptcha*, *://yandex.by/showcaptcha*, *://*.yandex.kz/showcaptcha*, *://yandex.kz/showcaptcha*, *://*.yandex.com/showcaptcha*, *://yandex.com/showcaptcha*, *://*.yandex.com.tr/showcaptcha*, *://yandex.com.tr/showcaptcha*, http://localhost:8000/oauth2/success*, https://auth.rc.semrush.net/oauth2/success*, https://oauth.semrush.com/oauth2/success*.

What is SEOquake's risk score?

SEOquake has an overall risk score of 4.4/10 (MEDIUM). Breakdown: Permissions 7.0/10, Code 7.1/10, Combinations 10.0/10, CSP 1.7/10.

ExtSafe

SEOquakeSecurity Analysis

Chromev3.13.4MV3February 18, 2026 at 11:53 AM

Use with caution

This extension requests significant permissions. It has 1M+ users, a 4.3 star rating, is published by Semrush Inc., but review the findings below.

4.4MEDIUM

4.4 MEDIUMRaw: 6.8

This extension shows some risk signals that are common in legitimate extensions but worth reviewing. Check the details below.

Based on 26 permissions including high-risk ones, 26 code findings, 1 dangerous combination.

Trust Signals(6.0/10)

Users

1.0M

Rating

4.3(3K reviews)

Developer

Semrush Inc.

Status

Featured

Dangerous Combinations(1)

CRITICALAll-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls>+keylogger_pattern

Permissions

7.0/10

Code

7.1/10

Combinations

10.0/10

Manifest/CSP

1.7/10

Permissions(26 analyzed)

Code Findings(10 patterns, 26 total)

Content Security Policy

No CSP Defined(1 issue)

MEDIUM

N/ANo CSP defined

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Manifest Analysis(0 findings)

Resolved from __MSG_* i18n placeholders:

Name: SEOquake

Description: SEOquake is a free plugin that provides you with key SEO metrics, along with other useful tools such as SEO Audit and many others

No manifest-level concerns found.

External Domains(21)

.*api.pinterest.combl.publicapi.semrush.comen.wikipedia.orgforms.glegoo.glkb.acronis.comlocalhostoauth.semrush.comschema.orgsearch.yahoo.comseoquake.publicapi.semrush.comunix.stackexchange.comwebcache.googleusercontent.comwebmaster.yandex.ruwhois.domaintools.comwww.baidu.comwww.bing.comwww.semrush.comwww.seoquake.comwww.yandex.ru