ExtSafe

WA Web Plus by Elbruz TechnologiesSecurity Analysis

Chromev4.9.2.2MV3February 16, 2026 at 03:55 PM
8.3CRITICAL
8.3 CRITICAL

This extension shows critical risk indicators. It requests highly sensitive permissions combined with suspicious code patterns. Proceed with extreme caution.

Based on 20 permissions including high-risk ones, 24 code findings.

Permissions
10.0/10
Code
10.0/10
Combinations
0.0/10
Manifest/CSP
3.3/10

Permissions(20 analyzed)

Code Findings(17 patterns, 24 total)

Content Security Policy

No CSP Defined(1 issue)
MEDIUM
N/ANo CSP defined

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Manifest Analysis(1 finding)

Resolved from __MSG_* i18n placeholders:

Description: Add more tools and options for WhatsApp Web for more privacy and reliability.

LOW
externally_connectableExternal messaging enabled

Extension accepts messages from 1 external pattern(s). Verify these are trusted origins.

External Domains(16)

${capi.hubapi.comapi.whatsapp.combit.lychromewebstore.google.comconsole.firebase.google.comcountrycode.orgmaps.google.comredux.js.orgsecuretoken.google.comtranslate.googleapis.comwa-web-plus.web.appwa.mewawplus.comweb.whatsapp.comwhatsapp.com

Indicators of Compromise

27 indicators of compromise found

File Statistics

17
Total Files
3
JS Files
3.2 MB
Total Size

Other Scanned Extensions

Urban VPN Proxy
8.2 CRITICAL
BrowserGPT: ChatGPT Anywhere Powered by GPT 4
8.2 CRITICAL
MyJDownloader Browser Extension
8.4 CRITICAL
__MSG_appName__
8.0 CRITICAL
HARPA AI: Web Automation with ChatGPT, Claude, Gemini, Grok
9.8 CRITICAL
Phantom
9.6 CRITICAL