CRXaminer

[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Version 3.2.1.1001 View in Chrome Web Store

Last scanned: about 8 hours ago

Extension Details

Context-Aware Verdict

CRITICAL

Overall Risk

Based on 8 total findings, including 5 high-risk findings.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: history

This extension has the history permission. Can access your browsing history. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: identity

This extension has the identity permission. Can access your identity information. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: webNavigation

This extension has the webNavigation permission. Can track your web navigation. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Medium-Risk Permission: notifications

This extension has the notifications permission. Can show notifications.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Security Analysis Details

Required Permissions:

loginState
background
identity
identity.email
desktopCapture
storage
system.display
notifications
tabs
activeTab
alarms
offscreen
webNavigation
history

Host Permissions:

*://*/*
<all_urls>

Content Security Policy:

extension_pages: script-src 'self'; object-src 'self';

Embedded URLs (35 total):

https://webpack.js.org/configuration/resolve/#resolvemainfields	https://github.com/rollup/@rollup/plugin-node-resolve
https://console.firebase.google.com/.	https://securetoken.google.com/
https://stackoverflow.com/q/56496296/110915	https://jssig-c7900.firebaseio.com
https://fonts.googleapis.com/css?family=Lato:400	https://www.google.com/search?q=
https://accounts.google.com/o/	https://accounts.google.com/signin/oauth/
https://admin.google.com/ServiceNotAllowed/	https://accounts.google.co.jp/accounts/
https://accounts.google.com/ServiceLogin/	https://accounts.google.com/signin/v2/
https://accounts.google.com/signin/v3/	https://accounts.google.com/v3/signin/
https://drive.google.com/	https://mail.google.com/
https://docs.google.com/	https://calendar.google.com/
https://chat.google.com/	https://meet.google.com/
https://sites.google.com/	https://groups.google.com/
https://photos.google.com/	https://hangouts.google.com/
https://keep.google.com/	https://jamboard.google.com/
https://classroom.google.com/	https://canvas.apps.chrome/
https://www.google.com/url	https://storage.googleapis.com/jsc-wb-download/js6RebootingClient01.html
https://collabm24.web.app/	https://asia-northeast2-jsc23-7b296.cloudfunctions.net/
https://clients2.google.com/service/update2/crx

Raw Manifest

{
  "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAknYs9Rk7vklYS7X2jFCAmvzrYO5g2VDsjTU4+OyiXGLg26ZvEm4m4g6DoXs4ntf3pVW2OThxkeGzFkmtMHQSven0Ped6rHZLRjiX9rIuskprd/EQ5TxzTik74ogI13PiABdy3zjAuVBqVzDHBWRA/BuVpGT7TREC4/yuEfsMFwkGllerQLvHzy14KqrSgIeoomZKFhwxcyPaG4bxihT6nGtRx41QT39CRcYEcrqG+HbEqssYpGyQlIdrO/ILpu1WUjre3cpyuCKbS1u/pX2dIm7ISlLhi7dZyqn8Ij628h5zKCBU3otf1lwyfN+tW6kcMNw8xNvANrcVGMliPIa+5wIDAQAB",
  "name": "Win Bird 授業支援 クライアント",
  "icons": {
    "48": "assets/icon48.png",
    "128": "assets/icon128.png"
  },
  "action": {
    "default_icon": "assets/icon48.png",
    "default_popup": "popup.html",
    "default_title": "Win Bird 授業支援クライアント"
  },
  "storage": {
    "managed_schema": "schema.json"
  },
  "version": "3.2.1.1001",
  "background": {
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "授業を強力に支援する数々の機能を提供し、IT教育をバックアップいたします。",
  "permissions": [
    "loginState",
    "background",
    "identity",
    "identity.email",
    "desktopCapture",
    "storage",
    "system.display",
    "notifications",
    "tabs",
    "activeTab",
    "alarms",
    "offscreen",
    "webNavigation",
    "history"
  ],
  "default_locale": "ja",
  "host_permissions": [
    "*://*/*",
    "<all_urls>"
  ],
  "manifest_version": 3,
  "externally_connectable": {
    "ids": [
      "ajhcdhigekedagafngphjkdbcmfbfhbm"
    ],
    "matches": [
      "https://collabm24.web.app/*",
      "*://127.0.0.1/*",
      "*://localhost/*"
    ]
  },
  "content_security_policy": {
    "extension_pages": "script-src 'self'; object-src 'self';"
  }
}

by ✦ Astarte

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Content Security Policy:

Embedded URLs (35 total):

Raw Manifest

Detections

Manifest Findings