Is Trellix Endpoint Security Web Control safe to use?

Trellix Endpoint Security Web Control has a risk level of CRITICAL with an overall risk score of 9.3/10. Our scan detected 107 security findings. This extension has significant security concerns — review the full report before installing.

What permissions does Trellix Endpoint Security Web Control request?

Trellix Endpoint Security Web Control requests the following permissions: webRequest, tabs, nativeMessaging, downloads, cookies, storage. It also requests host access to: http://*/*, https://*/*.

What is Trellix Endpoint Security Web Control's risk score?

Trellix Endpoint Security Web Control has an overall risk score of 9.3/10 (CRITICAL). Breakdown: Permissions 10.0/10, Code 10.0/10, Combinations 10.0/10, CSP 3.3/10.

ExtSafe

Trellix Endpoint Security Web ControlSecurity Analysis

Chromev10.7.0.5779MV3February 16, 2026 at 02:57 PM

9.3CRITICAL

9.3 CRITICAL

This extension shows critical risk indicators. It requests highly sensitive permissions combined with suspicious code patterns. Proceed with extreme caution.

Based on 8 permissions including high-risk ones, 100 code findings, 4 dangerous combinations.

Dangerous Combinations(4)

CRITICALCookie access + external network

Extension has cookie access and sends data to external servers — potential session token theft.

cookies+external network request

HIGHTab tracking + external communication

Extension tracks open tabs and communicates with external servers — potential browsing surveillance.

tabs+external network request

CRITICALNetwork interception + external communication

Extension intercepts network traffic and sends data externally — potential man-in-the-middle behavior.

webRequest/webRequestBlocking+external network request

CRITICALNative messaging + dynamic code execution

Extension communicates with native apps and executes dynamic code — potential sandbox escape vector.

nativeMessaging+eval/Function/dynamic code

Permissions

10.0/10

Code

10.0/10

Combinations

10.0/10

Manifest/CSP

3.3/10

Permissions(8 analyzed)

Code Findings(16 patterns, 100 total)

Content Security Policy

CSP Present(1 issue)

LOW

object-srcobject-src not restricted

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Manifest Analysis(1 finding)

MEDIUM

web_accessible_resourcesJS files exposed to web pages

JavaScript files are exposed as web-accessible resources. Matched websites can load and interact with extension scripts.

External Domains(16)

*bugs.jquery.combugs.webkit.orggithub.comhome.trellix.comjquery.orgjsperf.commathiasbynens.bemothereff.inmsdn.microsoft.commths.besizzlejs.comtrustedsource.orgwww.siteadvisor.comwww.trellix.comwww.youtube.com