Is VPNCity - Fast & Unlimited VPN | Unblocker safe to use?

VPNCity - Fast & Unlimited VPN | Unblocker has a risk level of HIGH with an overall risk score of 7.1/10. Our scan detected 41 security findings. This extension has significant security concerns — review the full report before installing.

What permissions does VPNCity - Fast & Unlimited VPN | Unblocker request?

VPNCity - Fast & Unlimited VPN | Unblocker requests the following permissions: alarms, offscreen, privacy, proxy, storage, webRequest, webRequestAuthProvider. It also requests host access to: https://www.vpncity.com/, .

What is VPNCity - Fast & Unlimited VPN | Unblocker's risk score?

VPNCity - Fast & Unlimited VPN | Unblocker has an overall risk score of 7.1/10 (HIGH). Breakdown: Permissions 8.0/10, Code 8.7/10, Combinations 10.0/10, CSP 3.1/10.

ExtSafe

VPNCity - Fast & Unlimited VPN | UnblockerSecurity Analysis

Chromev2.2.2MV3February 18, 2026 at 12:07 PM

Potentially unsafe

This extension shows concerning patterns that may indicate risky behavior. Proceed with caution.

Known Security Incidents(1)

Critical2024-12Resolved

Compromised in Cyberhaven supply chain attack

Extension was among 35+ extensions compromised in the December 2024 supply chain attack campaign that injected data-stealing code.

7.1HIGH

7.1 HIGHRaw: 7.9

This extension shows significant risk signals. Review the findings below carefully before installing or continuing to use it.

Based on 9 permissions including high-risk ones, 36 code findings, 1 dangerous combination.

Trust Signals(2.5/10)

Users

40K

Rating

4.5(63 reviews)

Developer

INVIZBOX LIMITED

Dangerous Combinations(1)

CRITICALNetwork interception + external communication

Extension intercepts network traffic and sends data externally — potential man-in-the-middle behavior.

webRequest/webRequestBlocking+external network request

Permissions

8.0/10

Code

8.7/10

Combinations

10.0/10

Manifest/CSP

3.1/10

Permissions(9 analyzed)

Code Findings(12 patterns, 36 total)

Libraries(3 detected)

3 libraries detected, 1 with known vulnerabilities

Content Security Policy

No CSP Defined(1 issue)

MEDIUM

N/ANo CSP defined

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Manifest Analysis(1 finding)

MEDIUM

content_scriptsContent script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

External Domains(10)

${hostblog.vpncity.comgetbootstrap.comgithub.comgo.vpncity.comgroups.google.comissues.chromium.orgpopper.js.orgproxy-logout.vpncity.comwww.vpncity.com