CRXaminer

[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Version 3.1.3.1001 View in Chrome Web Store

Last scanned: about 6 hours ago

Extension Details

Context-Aware Verdict

CRITICAL

Overall Risk

Trust Factors: This extension presents significant trust concerns due to missing critical information. The absence of a name, description, author details, user count, ratings, and last update date makes it impossible to verify legitimacy or assess developer reputation. These missing identifiers are major red flags that suggest either a malicious extension or corrupted metadata.

Concerns:

- Complete lack of identifying information raises suspicions about legitimacy

- Excessive permissions including identity access, which can compromise user authentication

- Broad host permissions (*://*/*, <all_urls>) allowing access to all websites and sensitive data

- Desktop capture capability combined with identity permissions creates severe privacy risks

- Tab manipulation permissions enable potential session hijacking or data theft

- The combination of loginState and identity permissions could facilitate account takeover attacks

- Storage permissions allow persistent data collection across browsing sessions

- Background script capabilities enable continuous monitoring without user awareness

Recommendations:

Immediately remove this extension as it poses critical security risks. The missing metadata combined with dangerous permission combinations suggests potential malware. If you require similar functionality, research well-established alternatives with clear developer information, positive reviews, and transparent privacy policies. Before installing any replacement, verify the developer's reputation and ensure permissions align with stated functionality. Consider running unknown extensions in isolated Chrome profiles to limit potential damage.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: identity

This extension has the identity permission. Can access your identity information. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Medium-Risk Permission: notifications

This extension has the notifications permission. Can show notifications.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Security Analysis Details

Required Permissions:

loginState
background
identity
identity.email
desktopCapture
storage
system.display
notifications
tabs
activeTab
alarms

Host Permissions:

*://*/*
<all_urls>

Content Security Policy:

extension_pages: script-src 'self'; object-src 'self';

Embedded URLs (33 total):

https://fonts.googleapis.com/css?family=Lato:400	https://www.google.com/search?q=
https://accounts.google.com/o/	https://accounts.google.com/signin/oauth/
https://admin.google.com/ServiceNotAllowed/	https://accounts.google.co.jp/accounts/
https://accounts.google.com/ServiceLogin/	https://accounts.google.com/signin/v2/
https://accounts.google.com/signin/v3/	https://accounts.google.com/v3/signin/
https://drive.google.com/	https://mail.google.com/
https://docs.google.com/	https://calendar.google.com/
https://chat.google.com/	https://meet.google.com/
https://sites.google.com/	https://groups.google.com/
https://photos.google.com/	https://hangouts.google.com/
https://keep.google.com/	https://jamboard.google.com/
https://classroom.google.com/	https://canvas.apps.chrome/
https://www.google.com/url	https://collabm24.web.app/
https://clients2.google.com/service/update2/crx	https://webpack.js.org/configuration/resolve/#resolvemainfields
https://github.com/rollup/@rollup/plugin-node-resolve	https://console.firebase.google.com/.
https://securetoken.google.com/	https://stackoverflow.com/q/56496296/110915
https://jssig-c7900.firebaseio.com

Raw Manifest

{
  "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAknYs9Rk7vklYS7X2jFCAmvzrYO5g2VDsjTU4+OyiXGLg26ZvEm4m4g6DoXs4ntf3pVW2OThxkeGzFkmtMHQSven0Ped6rHZLRjiX9rIuskprd/EQ5TxzTik74ogI13PiABdy3zjAuVBqVzDHBWRA/BuVpGT7TREC4/yuEfsMFwkGllerQLvHzy14KqrSgIeoomZKFhwxcyPaG4bxihT6nGtRx41QT39CRcYEcrqG+HbEqssYpGyQlIdrO/ILpu1WUjre3cpyuCKbS1u/pX2dIm7ISlLhi7dZyqn8Ij628h5zKCBU3otf1lwyfN+tW6kcMNw8xNvANrcVGMliPIa+5wIDAQAB",
  "name": "Win Bird 授業支援 クライアント",
  "icons": {
    "48": "assets/icon48.png",
    "128": "assets/icon128.png"
  },
  "action": {
    "default_icon": "assets/icon48.png",
    "default_popup": "popup.html",
    "default_title": "Win Bird 授業支援クライアント"
  },
  "storage": {
    "managed_schema": "schema.json"
  },
  "version": "3.1.3.1001",
  "background": {
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "授業を強力に支援する数々の機能を提供し、IT教育をバックアップいたします。",
  "permissions": [
    "loginState",
    "background",
    "identity",
    "identity.email",
    "desktopCapture",
    "storage",
    "system.display",
    "notifications",
    "tabs",
    "activeTab",
    "alarms"
  ],
  "default_locale": "ja",
  "host_permissions": [
    "*://*/*",
    "<all_urls>"
  ],
  "manifest_version": 3,
  "externally_connectable": {
    "ids": [
      "ajhcdhigekedagafngphjkdbcmfbfhbm"
    ],
    "matches": [
      "https://collabm24.web.app/*",
      "*://127.0.0.1/*",
      "*://localhost/*"
    ]
  },
  "content_security_policy": {
    "extension_pages": "script-src 'self'; object-src 'self';"
  }
}

by ✦ Astarte

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Content Security Policy:

Embedded URLs (33 total):

Raw Manifest

Detections

Manifest Findings