Adguard Adblocker

Name: Security Analysis: Adguard Adblocker
Item: Adguard Adblocker
Rating: 5
Author: ChromeBoard

🔍 Security Report Available

👥 16M+ users

📦 v5.3.0.16

💾 27.36MiB

📅 2026-02-20

View on Chrome Web Store

Chrome will indicate if you already have this installed.

Overview

AdGuard ad blocker effectively blocks all types of ads on all web pages, even on Facebook, YouTube and others!

What AdGuard ad blocker does:

• Blocks all ads: video ads (includes YouTube adblock), rich media advertising, unwanted pop-ups, banners and text ads (includes Facebook adblock)
• Speeds up page loading and saves bandwidth, thanks to the missing ads and pop-up windows
• Protects your privacy by blocking common third-party tracking systems
• Blocks many spyware, adware, and dialer installers
• Protects you from malware and phishing

What are the advantages of AdGuard over Adblock or Adblock Plus?

• AdGuard ad blocker is really fast and lightweight. It uses half as much memory as other popular solutions: Adblock, Adblock Plus, and even outperforms uBlock Adblocker in some tests
• AdGuard can handle most of the adblock circumvention scripts
• AdGuard is simply better looking and modern (in our opinion)

How can AdGuard ad blocker protect your privacy?

Privacy protection is one of the main goals! Just enable the "AdGuard Tracking Protection filter" in AdGuard settings. It completely removes all forms of tracking from the Internet. AdGuard has one of the largest tracker filter lists containing more than 10,000 rules. It is even larger than the databases of Ghostery® and Disconnect.

How to remove social media widgets with AdGuard?

Tired of all the “Like” buttons and similar widgets infesting all of your frequented web pages? Just enable AdGuard "Social media filter" and forget about them.

How can AdGuard ad blocker protect you from online threats?

At the moment we’ve got more than 2,000,000 harmful websites on record. AdGuard can block domains known to spread malware, protecting your computer against viruses, Trojan horses, worms, spyware, and adware. AdGuard really lowers the risk of virus infections and prohibits access to harmful websites to prevent potential attacks.

Crypto-jacking protection

We did comprehensive research on crypto-jacking and, as a result, AdGuard can reliably block most of the known crypto-jackers including CoinHive. You can also add some open source filters like NoCoin which will give you an additional layer of protection.

Why does AdGuard require permissions?

"Access your data for all websites" and "Access browser tabs": both permissions are necessary for AdGuard to apply all kinds of cosmetic processing to the pages' content. Naive ad blocking would simply block ad servers, and leave broken elements and first-party ads on the pages. AdGuard applies special cosmetic rules to make pages look clean and tidy.

"Access browser activity during navigation": this permission is necessary to keep track of navigation events in order to apply rules when the time is right.

Release notes:
https://github.com/AdguardTeam/AdguardBrowserExtension/releases

Free and Open Source:
https://github.com/AdguardTeam/AdguardBrowserExtension

Privacy Practices

✓ Not being sold to third parties, outside of the approved use cases

✓ Not being used or transferred for purposes that are unrelated to the item's core functionality

✓ Not being used or transferred to determine creditworthiness or for lending purposes

🔄 New version v5.3.0.16 detected — scan automatically queued.

Version:

Security Analysis — Adguard Adblocker

Analyzed v5.3.0.22 · Mar 7, 2026 · 58 JS files · 23062 KB scanned

Permissions

Code Patterns Detected

External Connections

github.com www.gnu.org tc39.es tc39.github.io adguard.app developer.mozilla.org www.w3.org adguard.com kb.adguard.com developer.chrome.com help.adblockplus.org bugs.chromium.org +8 more

Package Contents 247 files · 130.4MB

▾📁_locales2.4MB

▾📁ar62KB

{}messages.json62KB

▾📁be66KB

{}messages.json66KB

▾📁bg68KB

{}messages.json68KB

▾📁bn

{}messages.json284B

▾📁ca47KB

{}messages.json47KB

▾📁cs53KB

{}messages.json53KB

▾📁da51KB

{}messages.json51KB

▾📁de53KB

{}messages.json53KB

▾📁el71KB

{}messages.json71KB

▾📁en50KB

{}messages.json50KB

▾📁es53KB

{}messages.json53KB

▾📁es_41953KB

{}messages.json53KB

▾📁et52KB

{}messages.json52KB

▾📁fa63KB

{}messages.json63KB

▾📁fi53KB

{}messages.json53KB

▾📁fil

{}messages.json284B

▾📁fr55KB

{}messages.json55KB

▾📁he57KB

{}messages.json57KB

▾📁hi77KB

{}messages.json77KB

▾📁hr52KB

{}messages.json52KB

▾📁hu55KB

{}messages.json55KB

▾📁hy67KB

{}messages.json67KB

▾📁id52KB

{}messages.json52KB

▾📁it53KB

{}messages.json53KB

▾📁ja60KB

{}messages.json60KB

▾📁kn

{}messages.json284B

▾📁ko54KB

{}messages.json54KB

▾📁lt53KB

{}messages.json53KB

▾📁lv

{}messages.json284B

▾📁mk68KB

{}messages.json68KB

▾📁mk-MK

{}messages.json284B

▾📁ms52KB

{}messages.json52KB

▾📁nb51KB

{}messages.json51KB

▾📁nl53KB

{}messages.json53KB

▾📁pl53KB

{}messages.json53KB

▾📁pt_BR53KB

{}messages.json53KB

▾📁pt_PT53KB

{}messages.json53KB

▾📁ro53KB

{}messages.json53KB

▾📁ru65KB

{}messages.json65KB

▾📁sk54KB

{}messages.json54KB

▾📁sl52KB

{}messages.json52KB

▾📁sr52KB

{}messages.json52KB

▾📁sv52KB

{}messages.json52KB

▾📁ta

{}messages.json284B

▾📁te

{}messages.json284B

▾📁th75KB

{}messages.json75KB

▾📁tr53KB

{}messages.json53KB

▾📁uk65KB

{}messages.json65KB

▾📁vi57KB

{}messages.json57KB

▾📁zh_CN49KB

{}messages.json49KB

▾📁zh_TW50KB

{}messages.json50KB

▾📁_metadata35KB

{}verified_contents.json35KB

▾📁assets1.1MB

▾📁css145KB

▾📁devtools43KB

🎨custom.css560B

🎨dark.css3KB

🎨elementsPanel.css16KB

🎨inspectorCommon.css4KB

🎨inspectorStyle.css11KB

🎨inspectorSyntaxHighlight.css5KB

🎨sidebarPane.css3KB

🎨alert-container.css357B

🎨alert-popup.css30KB

🎨c3.css3KB

🎨fonts.css767B

🎨layout.css1KB

🎨log.css8KB

🎨main.css83B

🎨nanobar.css237B

🎨rules-limits-container.css392B

🎨rules-limits-popup.css4KB

🎨style.css53KB

🎨update-container.css358B

▾📁fonts712KB

🔤Roboto-Flex-Regular.woff2712KB

▾📁icons12KB

🖼loading-19.png662B

🖼loading-38.png1KB

🖼newyear25-off-19.png340B

🖼newyear25-off-38.png492B

🖼newyear25-on-19.png358B

🖼newyear25-on-38.png511B

🖼off-19.png410B

🖼off-38.png702B

🖼on-128.png3KB

🖼on-16.png480B

🖼on-19.png564B

🖼on-38.png955B

🖼update-available-19.png553B

🖼update-available-38.png890B

🖼warning-19.png471B

🖼warning-38.png797B

▾📁images103KB

🖼alert.svg2KB

🖼app-store.svg23KB

🖼arrow-down-grey.svg892B

🖼arrow-down.svg752B

🖼avatar.svg5KB

🖼checked.svg891B

🖼chrome.svg2KB

🖼cross.svg677B

🖼dropbox.svg1KB

🖼filters.svg6KB

🖼google-play.svg5KB

🖼hero-green.svg14KB

🖼hero-red.svg11KB

🖼link.svg337B

🖼logo-dark.svg4KB

🖼logo-shield.svg776B

🖼logo.svg4KB

🖼newyear25.svg16KB

🖼reload-ico-green.svg660B

🖼reload-ico.svg2KB

🖼shield.svg379B

🖼tick.svg860B

🖼toggler-bg.svg2KB

🖼trash.svg482B

▾📁js2KB

📜preload-theme.js2KB

▾📁videos185KB

📄loading.webm185KB

▾📁filters104.7MB

▾📁declarative102.7MB

▾📁ruleset_035KB

{}ruleset_0.json35KB

▾📁ruleset_12MB

{}ruleset_1.json2MB

▾📁ruleset_10129KB

{}ruleset_10.json129KB

▾📁ruleset_103181KB

{}ruleset_103.json181KB

▾📁ruleset_10575KB

{}ruleset_105.json75KB

▾📁ruleset_108275KB

{}ruleset_108.json275KB

▾📁ruleset_109396KB

{}ruleset_109.json396KB

▾📁ruleset_11756KB

{}ruleset_11.json756KB

▾📁ruleset_110152KB

{}ruleset_110.json152KB

▾📁ruleset_11150KB

{}ruleset_111.json50KB

▾📁ruleset_112232KB

{}ruleset_112.json232KB

▾📁ruleset_120621KB

{}ruleset_120.json621KB

▾📁ruleset_13670KB

{}ruleset_13.json670KB

▾📁ruleset_162.5MB

{}ruleset_16.json2.5MB

▾📁ruleset_17461KB

{}ruleset_17.json461KB

▾📁ruleset_182MB

{}ruleset_18.json2MB

▾📁ruleset_191.7MB

{}ruleset_19.json1.7MB

▾📁ruleset_219MB

{}ruleset_2.json19MB

▾📁ruleset_20271KB

{}ruleset_20.json271KB

▾📁ruleset_202163KB

{}ruleset_202.json163KB

▾📁ruleset_203171KB

{}ruleset_203.json171KB

▾📁ruleset_2081.9MB

{}ruleset_208.json1.9MB

▾📁ruleset_21884KB

{}ruleset_21.json884KB

▾📁ruleset_214150KB

{}ruleset_214.json150KB

▾📁ruleset_216582KB

{}ruleset_216.json582KB

▾📁ruleset_217410KB

{}ruleset_217.json410KB

▾📁ruleset_21860KB

{}ruleset_218.json60KB

▾📁ruleset_22292KB

{}ruleset_22.json292KB

▾📁ruleset_2242.7MB

{}ruleset_224.json2.7MB

▾📁ruleset_227497KB

{}ruleset_227.json497KB

▾📁ruleset_23771KB

{}ruleset_23.json771KB

▾📁ruleset_233140KB

{}ruleset_233.json140KB

▾📁ruleset_235474KB

{}ruleset_235.json474KB

▾📁ruleset_238109KB

{}ruleset_238.json109KB

▾📁ruleset_243556KB

{}ruleset_243.json556KB

▾📁ruleset_249403KB

{}ruleset_249.json403KB

▾📁ruleset_25241KB

{}ruleset_252.json41KB

▾📁ruleset_2531.5MB

{}ruleset_253.json1.5MB

▾📁ruleset_254128KB

{}ruleset_254.json128KB

▾📁ruleset_25519.6MB

{}ruleset_255.json19.6MB

▾📁ruleset_256332KB

{}ruleset_256.json332KB

▾📁ruleset_2571.3MB

{}ruleset_257.json1.3MB

▾📁ruleset_2594MB

{}ruleset_259.json4MB

▾📁ruleset_330.2MB

{}ruleset_3.json30.2MB

▾📁ruleset_41MB

{}ruleset_4.json1MB

▾📁ruleset_513KB

{}ruleset_5.json13KB

▾📁ruleset_61.2MB

{}ruleset_6.json1.2MB

▾📁ruleset_71.1MB

{}ruleset_7.json1.1MB

▾📁ruleset_8202KB

{}ruleset_8.json202KB

▾📁ruleset_9579KB

{}ruleset_9.json579KB

{}filters_i18n.json1020KB

📜local_script_rules.js740KBlarge

{}local_script_rules.json308KB

▾📁pages14.7MB

▾📁blocking540KB

🌐blocked.html109KB

📜blocked.js430KBlarge

📜assistant-inject.js721KBlarge

📜background.js7.2MBlarge

📜content-script-end.js59KBlarge

📜content-script-start.js477KBlarge

🌐devtools-elements-sidebar.html3KB

📜devtools-elements-sidebar.js121KBlarge

🌐devtools.html385B

📜devtools.js39KB

🌐filtering-log.html980B

📜filtering-log.js1.4MBlarge

🌐fullscreen-user-rules.html1KB

📜fullscreen-user-rules.js603KBlarge

📜gpc.js4KB

📜hide-document-referrer.js4KB

🌐options.html1KB

📜options.js1.1MBlarge

🌐popup.html514B

📜popup.js1.7MBlarge

🌐post-install.html1KB

📜post-install.js253KBlarge

📜subscribe.js115KBlarge

📜thankyou.js324KBlarge

▾📁shared1.8MB

📜editor.js1.8MBlarge

▾📁vendors5.4MB

📜agtree.js607B

📜css-tokenizer.js78KBlarge

📜mobx.js172KBlarge

📜react.js133KBlarge

📜scriptlets.js650B

📜text-encoding-polyfill.js619KBlarge

📜tsurlfilter-declarative-converter.js828KBlarge

📜tsurlfilter.js2.2MBlarge

📜tswebextension.js1.2MBlarge

📜xstate.js148KBlarge

▾📁web-accessible-resources258KB

▾📁redirects117KB

🖼1x1-transparent.gif37B

🖼2x2-transparent.png68B

🖼32x32-transparent.png83B

🖼3x2-transparent.png68B

📜amazon-apstag.js2KB

📜ati-smarttag.js3KB

🌐click2load.html9KB

📜didomi-loader.js6KB

📜fingerprintjs.js3KB

📜fingerprintjs2.js2KB

📜fingerprintjs3.js2KB

📜gemius.js2KB

📜google-analytics-ga.js5KB

📜google-analytics.js5KB

📜google-ima3.js22KB

📜googlesyndication-adsbygoogle.js4KB

📜googletagservices-gpt.js16KB

📜matomo.js2KB

📜metrika-yandex-tag.js4KB

📜metrika-yandex-watch.js3KB

📜naver-wcslog.js1KB

📜noeval.js2KB

🎨noopcss.css0B

🌐noopframe.html81B

📜noopjs.js17B

{}noopjson.json2B

📄noopmp3.mp3813B

📄noopmp4.mp44KB

📜nooptext.js0B

📄noopvast02.xml27B

📄noopvast03.xml27B

📄noopvast04.xml27B

📄noopvmap01.xml85B

📜pardot-1.0.js2KB

📜prebid-ads.js1KB

📜prebid.js3KB

📜prevent-bab.js4KB

📜prevent-bab2.js2KB

📜prevent-fab-3.2.0.js3KB

📜prevent-popads-net.js2KB

📜scorecardresearch-beacon.js2KB

📜set-popads-dummy.js2KB

📄redirects.yml140KB

{}manifest.json11KB

📜runtime.js8KB

What This Extension Does

Adguard Adblocker is a popular extension that blocks ads, pop-ups, and tracking systems on websites. It also speeds up page loading and saves bandwidth. This extension is suitable for users who want to protect their online privacy and reduce ad clutter.

Permissions Explained

tabsexpected: This permission allows the extension to access your browsing history and current tabs.
Technical: The extension uses this API to inject content scripts into web pages, monitor navigation events, and apply cosmetic rules.
webRequestexpected: This permission allows the extension to intercept and modify HTTP requests from your browser.
Technical: The extension uses this API to block ad servers, tracking scripts, and malware domains. It also injects content scripts into web pages using this permission.
webNavigationexpected: This permission allows the extension to monitor navigation events in your browser.
Technical: The extension uses this API to apply rules when the time is right, such as blocking ad servers or tracking scripts.
storageexpected: This permission allows the extension to store data locally on your device.
Technical: The extension uses this API to store its configuration, filter lists, and other settings. It also stores cookies and tokens for tracking purposes.
unlimitedStorageexpected: This permission allows the extension to store an unlimited amount of data locally on your device.
Technical: The extension uses this API to store its large filter lists, which contain over 10,000 rules for tracking and ad blocking.
contextMenusexpected: This permission allows the extension to create custom context menus in your browser.
Technical: The extension uses this API to provide users with options for blocking ads, tracking scripts, and malware domains.
cookiesexpected: This permission allows the extension to access cookies on your device.
Technical: The extension uses this API to store cookies for tracking purposes, such as storing user preferences and login information.
declarativeNetRequestexpected: This permission allows the extension to inject content scripts into web pages using a declarative API.
Technical: The extension uses this API to block ad servers, tracking scripts, and malware domains. It also injects content scripts into web pages using this permission.
declarativeNetRequestFeedbackexpected: This permission allows the extension to provide feedback on network requests.
Technical: The extension uses this API to provide users with information about blocked ad servers, tracking scripts, and malware domains.
scriptingexpected: This permission allows the extension to execute JavaScript code in your browser.
Technical: The extension uses this API to inject content scripts into web pages, which can potentially introduce security risks if compromised.
userScriptsexpected: This permission allows the extension to execute user-provided JavaScript code in your browser.
Technical: The extension uses this API to provide users with options for customizing their ad blocking and tracking protection settings.
privacycheck this: This permission allows the extension to access your browsing history and other sensitive information.
Technical: The extension uses this API to provide users with options for blocking ads, tracking scripts, and malware domains. It also stores cookies and tokens for tracking purposes. ⚠ 1
<all_urls>check this: This permission allows the extension to access all URLs on your device.
Technical: The extension uses this API to block ad servers, tracking scripts, and malware domains. It also injects content scripts into web pages using this permission. ⚠ 1

Your Data

Adguard Adblocker accesses your browsing history, cookies, and other sensitive information to provide ad blocking and tracking protection. It also sends data to its servers for filtering purposes.

Technical Details

The extension contacts the following domains: github.com, www.gnu.org, tc39.es, tc39.github.io, adguard.app, developer.mozilla.org, www.w3.org, adguard.com, kb.adguard.com, developer.chrome.com, help.adblockplus.org, bugs.chromium.org. It uses HTTPS for secure communication and stores cookies and tokens for tracking purposes.

Code Findings

Function constructor used — dynamic code executionHigh

This extension uses the function constructor to execute dynamic code, which can potentially introduce security risks if compromised.

Technical: The extension uses the function constructor in its content script to inject custom JavaScript code into web pages. This can be used for malicious purposes if an attacker gains access to the extension's code.

💡 Legitimate extensions use this pattern to provide users with options for customizing their ad blocking and tracking protection settings.

setTimeout with string (dynamic code)High

This extension uses setTimeout with a string argument, which can potentially introduce security risks if compromised.

Technical: The extension uses setTimeout in its content script to execute dynamic code. This can be used for malicious purposes if an attacker gains access to the extension's code.

💡 Legitimate extensions use this pattern to provide users with options for customizing their ad blocking and tracking protection settings.

innerHTML assignment — potential XSS vectorMedium

This extension uses innerHTML assignment, which can potentially introduce a cross-site scripting (XSS) vulnerability if compromised.

Technical: The extension uses innerHTML assignment in its content script to inject custom HTML code into web pages. This can be used for malicious purposes if an attacker gains access to the extension's code.

💡 Legitimate extensions use this pattern to provide users with options for customizing their ad blocking and tracking protection settings.

String.fromCharCode (obfuscation)Medium

This extension uses String.fromCharCode, which can be used for obfuscating code.

Technical: The extension uses String.fromCharCode in its content script to encode custom JavaScript code. This can make it harder for users to understand the extension's behavior.

💡 Legitimate extensions use this pattern to provide users with options for customizing their ad blocking and tracking protection settings.

charCodeAt (obfuscation)Medium

This extension uses charCodeAt, which can be used for obfuscating code.

Technical: The extension uses charCodeAt in its content script to encode custom JavaScript code. This can make it harder for users to understand the extension's behavior.

💡 Legitimate extensions use this pattern to provide users with options for customizing their ad blocking and tracking protection settings.

Uses Fetch APIInfo

This extension uses the Fetch API to make HTTP requests.

Technical: The extension uses the Fetch API in its content script to make HTTP requests for filtering purposes. This is a legitimate use of the API.

💡 1

Creates iframe elementsMedium

This extension creates iframe elements, which can potentially introduce security risks if compromised.

Technical: The extension creates iframe elements in its content script to inject custom HTML code into web pages. This can be used for malicious purposes if an attacker gains access to the extension's code.

💡 Legitimate extensions use this pattern to provide users with options for customizing their ad blocking and tracking protection settings.

Sets up event listenersInfo

This extension sets up event listeners to monitor navigation events in your browser.

Technical: The extension uses the webNavigation API to set up event listeners for monitoring navigation events. This is a legitimate use of the API.

💡 1

Bottom Line

Adguard Adblocker is a popular extension that provides effective ad blocking and tracking protection. However, it has some security concerns due to its use of dynamic code execution, setTimeout with string arguments, and potential XSS vulnerabilities. Users should exercise caution when installing this extension and regularly review its permissions and behavior.