Is HID Credential Management Extension safe?

Medium risk

Enterprise credential management extension with postMessage vulnerability allowing untrusted page access to native messaging interface. While scoped to specific enterprise domains, lacks origin validation on message handlers.

hid-global-chrome-web-storev4.0.0.307Chrome Web Store
45Risk

AI-generated. Findings may contain errors. Those marked Verified have been manually reviewed.

Publishers can request a review.

Findings

Updated 18 May 2026ncphcdigcdkjeagemagmchkgommoifjd