
Installing the Browser Extension

Cyberhaven uses browser extensions to trace uploads/downloads, clipboard actions, app accounts, and web context. The Browser Extension can be deployed to your endpoints using any of the following methods.

Prerequisites

Browser extensions are typically deployed by policy via your MDM (preferred) or automatically loaded by the Endpoint Sensor where supported.

Requirements

  • Supported Browsers and Operating Systems:

    • Chrome: Supported on Windows, macOS, and Linux.
    • Edge: Supported on Windows and macOS.
    • Firefox: Supported on Windows, macOS, and Linux.
    • Safari: Supported on macOS.
  • Version Compatibility: Self-hosted Chrome and Edge extensions are supported with Sensor version 25.04 or higher.

Google Chrome

  • Sensor version 25.04 and later (self-hosted)
    • Extension ID: hbicflpnhfmdndpibdegbnkkpngjbhfh
    • Update URL: https://<your-domain>.cyberhaven.io/v1/extensions/chromium/update
  • Sensor versions before 25.04
    • Manifest V2: dcnmjapddamaigjddfkifoklhnomddkd
    • Manifest V3: pajkjnmeojmbapicmbpliphjmcekeaac

Microsoft Edge

  • Sensor version 25.04 and later (self-hosted)
    • Extension ID: hbicflpnhfmdndpibdegbnkkpngjbhfh
  • Sensor versions before 25.04
    • Manifest V2: kdkcgeklkcbkkbmboncaiikcemaajfpo
    • Manifest V3: bljneopnmafooddcedbonipbofejklkj

Mozilla Firefox

  • Manifest V2: eddf1c58-948d-4e0e-9c42-e611e9050a97

Safari (macOS)

  • Distributed via App Store/MDM profile

Browser Version Dependencies

  • Chrome Stable channel only
  • Manifest V3 requires Endpoint Sensor version 22.05 or higher
  • Extension versions depend on Sensor version (25.04+ uses self-hosted extension IDs)

MDM Dependencies (macOS)

  • Cyberhaven MDM profile Cyberhaven.mobileconfig version 2.0.6
  • Apple VPP account integrated with your MDM (for Safari)
  • Sufficient VPP licenses for macOS device fleet management

Required Permissions (summary)

Extensions request standard enterprise monitoring permissions to observe uploads/downloads and clipboard events. Ensure your change advisory process accounts for these prompts where applicable.

  • Firefox (self-hosted): allow https://content.cyberhaven.io/browser-extensions/firefox/ in firewalls/proxies to retrieve firefox-latest.xpi.
  • Respect enterprise proxy settings; SSL inspection may interfere with store delivery in some environments.

Self-hosted Extension URLs

  • Content server: https://content.cyberhaven.io
  • Firefox XPI (24.9+ channel): http://content.cyberhaven.io/browser-extensions/firefox-24.9-over/firefox-latest.xpi

Update URLs by Browser

  • Chrome/Edge (25.04+ self-hosted): https://<your-domain>.cyberhaven.io/v1/extensions/chromium/update
  • Local update URL: https://localhost:10584/api/update

Port Requirements

  • Local host communication: TCP 10584 (default for local extension updates)
  • Alternate ports can be configured through Cyberhaven Support if 10584 is unavailable

MDM/Policy Requirements

  • Chrome/Edge: configure ExtensionInstallForceList/ExtensionSettings via GPO/Intune/Jamf/other MDMs. If a managed policy key such as PolicyDictionaryMultipleSourceMergeList is present, you must deploy the extension via your management solution (the Sensor will not force-load it).
  • Firefox: manage via Windows registry (HKLM\Software\Policies\Mozilla\Firefox\ExtensionsSettings) or macOS profile pointing to the self-hosted XPI URL.
  • Safari (macOS): deploy via MDM (VPP) or App Store; users must manually enable the extension in Safari per Apple requirements.
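
One way to audit a Chrome or Edge policy against the IDs and update URL listed above, as an added example (not Cyberhaven's own tooling): it parses each ExtensionInstallForceList entry in its `id;update_url` form and reports entries that do not match the Sensor version. The tenant name `acme`, the function names and the sample policies are assumptions made for illustration.

```python
# Added example: IDs and URL pattern are copied from this page; the policy
# dicts at the bottom are constructed samples, and "acme" is a placeholder tenant.
SELF_HOSTED_ID = "hbicflpnhfmdndpibdegbnkkpngjbhfh"   # Chrome and Edge, Sensor 25.04+
LEGACY_IDS = {                                         # Sensor versions before 25.04
    "chrome": {"mv2": "dcnmjapddamaigjddfkifoklhnomddkd",
               "mv3": "pajkjnmeojmbapicmbpliphjmcekeaac"},
    "edge":   {"mv2": "kdkcgeklkcbkkbmboncaiikcemaajfpo",
               "mv3": "bljneopnmafooddcedbonipbofejklkj"},
}

def _ver(s):
    """'25.04' -> (25, 4) so versions compare numerically."""
    return tuple(int(p) for p in s.split("."))

def expected_ids(browser, sensor_version):
    """Extension IDs this page lists for a browser at a given Sensor version."""
    if _ver(sensor_version) >= (25, 4):
        return {SELF_HOSTED_ID}
    ids = {LEGACY_IDS[browser]["mv2"]}
    if _ver(sensor_version) >= (22, 5):     # Manifest V3 requires Sensor 22.05+
        ids.add(LEGACY_IDS[browser]["mv3"])
    return ids

def audit_forcelist(browser, sensor_version, policy, tenant):
    """Return findings for the ExtensionInstallForceList value in a policy dict."""
    want_url = f"https://{tenant}.cyberhaven.io/v1/extensions/chromium/update"
    known = {SELF_HOSTED_ID, *LEGACY_IDS[browser].values()}
    wanted = expected_ids(browser, sensor_version)
    findings, seen = [], set()
    for entry in policy.get("ExtensionInstallForceList", []):
        ext_id, _, url = entry.partition(";")   # "id;update_url", URL optional
        if ext_id not in known:
            continue                            # some other vendor's extension
        seen.add(ext_id)
        if ext_id not in wanted:
            findings.append(f"{ext_id}: not the ID for Sensor {sensor_version}")
        elif ext_id == SELF_HOSTED_ID and url != want_url:
            findings.append(f"{ext_id}: update URL is {url or 'unset'}, expected {want_url}")
    if not seen & wanted:
        findings.append("no force-install entry for the expected extension ID")
    return findings

# Constructed sample policies (not taken from a real deployment).
GOOD = {"ExtensionInstallForceList":
        [f"{SELF_HOSTED_ID};https://acme.cyberhaven.io/v1/extensions/chromium/update"]}
STALE = {"ExtensionInstallForceList": [LEGACY_IDS["chrome"]["mv3"], SELF_HOSTED_ID]}

if __name__ == "__main__":
    for name, pol in (("good", GOOD), ("stale", STALE)):
        print(name, audit_forcelist("chrome", "25.04", pol, "acme"))
```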

Security Exclusions

Add the following URL patterns to firewall/proxy allowlists where applicable:

  • http://content.cyberhaven.io/browser-extensions/* (Firefox self-hosted)
  • https://<your-domain>.cyberhaven.io/v1/extensions/* (Chrome/Edge self-hosted updates)
  • https://localhost:10584/api/update (local update URL)

Endpoint Sensor Communication

Browser extensions communicate locally with the Endpoint Sensor to report activity and apply policies. Ensure the Endpoint Sensor is installed and running on managed endpoints.

  • Chrome and Edge extensions only load from their respective stores; side-loading is not supported in managed enterprise mode.
  • When Chrome/Edge are managed by an external solution, the Endpoint Sensor will not override your managed settings. Deploy via that solution instead. If management is later removed, contact Support to enable auto-load without reinstall.

Browser-Specific Limitations

  • Microsoft Edge Personal Copilot: Blocking is not supported at copilot.microsoft.com (personal Copilot). Blocking is supported for enterprise Copilot at m365.cloud.microsoft.com/chat.
  • Personal OneDrive documents: Blocking is limited for specific copy/paste actions in personal OneDrive, including right-click “Paste as text only” in Word and right-click “Paste” in plain text documents.

Incognito/Private Mode

  • Chrome, Edge, and Firefox do not allow forcing extensions in Incognito/Private windows; users must manually enable the extension. In Incognito/Private mode, only copy-paste actions can be traced; file uploads are blocked, but copy-paste cannot be blocked.

Safari (macOS)

  • Users must manually enable the Safari extension after install. Starting with macOS Sequoia, MDMs that support Declarative Device Management can enable/disable Safari App Extensions via declarative configurations; check your MDM documentation.

Platform Support

  • Edge: Not supported on Linux
  • Firefox: Incognito mode not supported on macOS

Managed Environment

  • If the registry key HKEY_USERS\...\PolicyDictionaryMultipleSourceMergeList is present, the installer assumes Chrome/Edge are managed and will not force-load the extension; deploy via your managed solution instead.

Proceed to deployment: Browser Extension Installation

Installation instructions for each browser