Extension Details
Context-Aware Verdict
The extension is published by Air Miles España, S.A., which appears to be a legitimate loyalty program company. However, the extremely low rating of 1.8 out of 5 stars from 54 reviews is a major red flag, suggesting significant user dissatisfaction or potential issues with the extension's functionality or behavior. With 20,000 users, it has moderate adoption but the poor reviews indicate serious problems.
The combination of broad host permissions (<all_urls>) with tabs permission creates a particularly concerning security profile. This allows the extension to access and potentially manipulate content on every website you visit, not just shopping sites where it would be expected to function. The tabs permission enables monitoring of your browsing activity across all tabs. For a shopping/travel extension, these permissions seem excessive and unnecessary. The storage permission, while common, combined with the broad access could enable extensive data collection about your browsing habits and personal information.
Given the high risk profile and terrible user reviews, I strongly recommend avoiding this extension entirely. If you must use it for Air Miles benefits, run it in a completely separate Chrome profile dedicated only to shopping activities. Regularly review what data the extension has access to and consider alternative methods for accessing Air Miles benefits, such as using their website directly. The poor ratings suggest the extension may not even function properly, making the security risks unjustifiable.
Findings
Security Analysis Details
Required Permissions:
- storage
- scripting
- tabs
- activeTab
- alarms
Host Permissions:
- <all_urls>
Embedded URLs (19 total):
| https://cdnjs.cloudflare.com/ajax/libs/bootstrap-icons/1.11.3/font/bootstrap-icons.min.css | https://travelclub.s3.eu-west-1.amazonaws.com/imagenes/extension-tvc/logos/img_tarjetas_travelclub.png | |
| https://travelclub.s3.eu-west-1.amazonaws.com/imagenes/extension-tvc/logos/img_tarjetas_repspol.png | https://travelclub.s3.eu-west-1.amazonaws.com/imagenes/extension-tvc/logos/img_tarjetas_eroski.png | |
| https://www.travelclub.es/tiendas-online/categoria/moda-y-complementos | https://www.travelclub.es/tiendas-online/categoria/hogar | |
| https://www.travelclub.es/tiendas-online/categoria/belleza-y-salud | https://www.travelclub.es/tiendas-online/categoria/viajes | |
| https://www.travelclub.es/tiendas-online/index.html | https://getbootstrap.com/ | |
| https://github.com/twbs/bootstrap/blob/main/LICENSE | http://www.w3.org/2000/svg | |
| https://github.com/twbs/bootstrap/graphs/contributors | https://popper.js.org | |
| https://local.travelclub.es/es/travelclub/ServicesTON.cfc?method=getTiendas&origen=barra | https://www.travelclub.es/es/travelclub/ServicesTON.cfc?method=getTiendas&origen=barra | |
| https://local.travelclub.es/recorder/cfc/recorder.cfc | https://www.travelclub.es/recorder/cfc/recorder.cfc | |
| https://clients2.google.com/service/update2/crx |
Raw Manifest
{ "name": "Compras online Travel Club", "icons": { "16": "./assets/img/logo16.png", "32": "./assets/img/logo32.png", "48": "./assets/img/logo48.png", "128": "./assets/img/logo128.png" }, "action": { "default_icon": "./assets/img/logo-gray.png", "default_popup": "popup.html" }, "version": "2.0.0", "background": { "type": "module", "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Extensión Travel Club: suma puntos con tus compras y viajes online en más de 200 tiendas con un simple clic.", "permissions": [ "storage", "scripting", "tabs", "activeTab", "alarms" ], "host_permissions": [ "<all_urls>" ], "manifest_version": 3 }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.