Extension Details
Context-Aware Verdict
The extension has very limited trust indicators with only 419 users and a modest 3.5-star rating. The lack of developer information, company details, and unclear description raises significant transparency concerns. The low user base suggests limited community vetting, and the absence of clear functionality description makes it difficult to assess legitimate use cases.
The extension requests an extremely broad set of permissions that appear excessive for most legitimate utilities. The combination of cookies access, tabs manipulation, and universal host permissions creates a powerful surveillance and data collection capability. The ability to inject content scripts into all websites means it can potentially capture sensitive information like passwords, financial data, and personal communications. The vague name "TSQ Utilities" provides no clear indication of what specific utility functions justify these extensive permissions.
Do not install this extension due to its critical risk level. If you absolutely must use it, create a completely separate Chrome profile with no saved passwords, personal data, or access to sensitive websites. Consider using a virtual machine for additional isolation. Before installation, research the developer thoroughly and verify the extension's legitimate purpose. Look for alternative extensions with more transparent developers and limited, appropriate permissions. Monitor your accounts for any suspicious activity if you've previously used this extension.
Findings
Security Analysis Details
Required Permissions:
- cookies
- activeTab
- tabs
- scripting
Host Permissions:
- <all_urls>
Embedded URLs (237 total):
| https://townsquarehelp.com/submit/digital-support/ | https://fonts.googleapis.com/icon?family=Material+Icons | |
| https://cdnjs.cloudflare.com/ajax/libs/materialize/1.0.0/css/materialize.min.css | https://fonts.googleapis.com/css?family=Roboto:300 | |
| https://clients2.google.com/service/update2/crx | https://goo.gl/nhQhGp | |
| https://goo.gl/2aRDsh | https://storage.googleapis.com/workbox-cdn/releases/4.3.1/workbox-sw.js | |
| https://goo.gl/S9QRab | https://m2.material.io/components/menus#specs | |
| https://drafts.csswg.org/selectors-4/#the-focus-visible-pseudo | https://github.com/WICG/focus-visible/blob/HEAD/explainer.md | |
| https://github.com/WICG/focus-visible | https://github.com/mui/material-ui/pull/33205 | |
| https://reactcommunity.org/react-transition-group/css-transition | https://reactjs.org/docs/hooks-reference.html#usestate | |
| https://github.com/reactjs/react-transition-group/pull/749 | https://stackoverflow.com/a/51127130/4671932 | |
| https://github.com/reactjs/react-transition-group/blob/13435f897b3ab71f6e19d724f145596f5910581c/test/CSSTransition-test.js#L362-L437 | https://github.com/twbs/bootstrap/blob/488fd8afc535ca3a6ad4dc581f5e89217b6a36ac/js/src/util/scrollbar.js#L14-L18 | |
| https://developer.mozilla.org/en-US/docs/Web/API/Window/innerWidth#usage_notes | https://mui.com/base-ui/react-portal/ | |
| https://mui.com/base-ui/react-portal/components-api/#portal | https://www.w3.org/TR/html-aria/#docconformance | |
| https://css-tricks.com/snippets/css/force-vertical-scrollbar/ | https://github.com/focus-trap/tabbable | |
| https://bugs.chromium.org/p/chromium/issues/detail?id=661108&q=contenteditable%20tabindex&can=2 | https://mui.com/base-ui/react-focus-trap/ | |
| https://mui.com/base-ui/react-focus-trap/components-api/#focus-trap | https://bugzilla.mozilla.org/show_bug.cgi?id=559561. | |
| https://html.spec.whatwg.org/multipage/interaction.html#focus-fixup-rule. | https://mui.com/material-ui/api/dialog/ | |
| https://mui.com/material-ui/api/drawer/ | https://mui.com/material-ui/api/menu/ | |
| https://mui.com/material-ui/api/popover/ | https://react-bootstrap.github.io/react-overlays/#modals | |
| https://mui.com/base-ui/react-modal/ | https://mui.com/base-ui/react-modal/components-api/#modal | |
| https://github.com/reactjs/react-transition-group | https://fb.me/react-controlled-components | |
| https://github.com/facebook/react/issues/9023 | https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input#Attributes | |
| https://mui.com/material-ui/customization/palette/#adding-new-colors | https://github.com/mui/material-ui/issues/30011#issuecomment-1024993401 | |
| https://mui.com/guides/classname-generator/ | https://en.wikipedia.org/wiki/Birthday_problem | |
| https://github.com/webpack/webpack/issues/14814 | https://mui.com/base-ui/react-click-away-listener/ | |
| https://mui.com/base-ui/react-click-away-listener/components-api/#click-away-listener | https://github.com/facebook/react/issues/20074 | |
| https://github.com/DieterHolvoet/event-propagation-path/blob/master/propagationPath.js | http://reactcommunity.org/react-transition-group/transition/ | |
| https://mui.com/base-ui/react-snackbar/#hook | https://mui.com/base-ui/react-snackbar/hooks-api/#use-snackbar | |
| https://github.com/mui/material-ui/issues/29080 | https://mui.com/production-error/?code= | |
| http://www.w3.org/2000/svg | https://reactjs.org/docs/error-decoder.html?invariant= | |
| http://www.w3.org/1999/xlink | http://www.w3.org/XML/1998/namespace | |
| http://www.w3.org/1999/xhtml | http://www.w3.org/1998/Math/MathML | |
| https://fb.me/react-polyfills | http://fb.me/use-check-prop-types | |
| https://github.com/uuidjs/uuid#getrandomvalues-not-supported | https://docs.google.com/document/d/1QiRpNwxVbwxqjQ-GlgjOkhHNqVFUI8b7Tlr2bdX_Gc8/edit | |
| https://script.google.com/macros/s/AKfycbyxtf85Nkm8czxZYQF7YyaZZgNxVCSIavAN6oPKqHI3fZvrOoH-/exec | https://townsquaredigital.com/extension/markets.json? | |
| https://jd.production.townsquareblogs.com | https://austin.production.townsquareblogs.com | |
| https://qa.production.townsquareblogs.com | https://brandedapp.production.townsquareblogs.com | |
| https://letsgettropical.production.townsquareblogs.com | https://townsquarehelp.com/submit/dp-feedback/ | |
| https://townsquaredigital.com/extension/key.json? | https://apps.apple.com/us/app/id | |
| https://play.google.com/store/apps/details?id= | https://getbootstrap.com/docs/4.3/layout/grid/ | |
| https://github.com/kristoferjoseph/flexboxgrid/blob/master/src/css/flexboxgrid.css | https://github.com/roylee0704/react-flexbox-grid |
Raw Manifest
{ "name": "TSQ Utilities", "icons": { "16": "16x16.png", "48": "48x48.png", "128": "128x128.png" }, "action": { "default_popup": "index.html", "default_title": "Open the popup" }, "version": "0.1.11", "update_url": "https://clients2.google.com/service/update2/crx", "description": "Townsquare Utilities Browser Extension", "permissions": [ "cookies", "activeTab", "tabs", "scripting" ], "content_scripts": [ { "js": [ "content.js" ], "matches": [ "<all_urls>" ] } ], "host_permissions": [ "<all_urls>" ], "manifest_version": 3, "browser_specific_settings": { "gecko": { "id": "{76ff7af4-f943-483d-91f4-bf1f4afcc9e0}" } } }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.