Is Copilot sidebar for Chrome safe?

Medium risk

The extension spoofs the Edge browser user agent and strips security headers (CSP, X-Frame-Options) so that it can embed Microsoft Copilot in Chrome. It also handles postMessage without origin validation, which allows arbitrary iframes to trigger page data extraction.

wong2 | v2.0.0 | Chrome Web Store
0 Risk

AI-generated. Findings may contain errors. Those marked Verified have been manually reviewed.


Updated 3 May 2026

Extension ID: ncjedehfkpnliaafimjhdjjeggmfmlgf