Extension Details
Developer:
Exodus Movement, Inc.
Rating:
3.4 ★
(82 ratings)
Users:
100,000
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
MEDIUM
Overall Risk
Trust Factors:
The extension is developed by Exodus Movement, Inc., a well-established cryptocurrency wallet company with a solid reputation in the crypto space. With 100,000 users, it has achieved reasonable adoption, though the 3.4-star rating from 82 reviews suggests mixed user experiences. The extension uses Manifest V3, indicating compliance with modern Chrome security standards.
Concerns:
The extension has extensive host permissions covering numerous DeFi platforms, DEXs, and NFT marketplaces, which creates a broad attack surface. While these permissions align with Web3 wallet functionality, they allow the extension to interact with sensitive financial platforms where users handle cryptocurrency transactions. The unlimited storage permission, while necessary for blockchain data caching, could potentially be misused. The relatively low rating compared to other major wallet extensions raises some user satisfaction concerns.
Recommendations:
Consider running this extension in a dedicated Chrome profile for crypto activities to isolate it from other browsing. Only use it on the whitelisted DeFi platforms it's designed for, and avoid enabling it on general browsing sessions. Regularly review connected sites and permissions in the extension settings. Given the financial nature of Web3 wallets, ensure you're downloading from the official Chrome Web Store and verify the developer identity. Consider using hardware wallet integration when available for additional security layers.
Findings
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
MEDIUM
Medium-Risk Permission: unlimitedStorage
This extension has the unlimitedStorage permission. Can store unlimited data locally.
Security Analysis Details
Required Permissions:
- storage
- unlimitedStorage
- alarms
Content Security Policy:
- extension_pages: default-src 'self'; frame-src 'none'; frame-ancestors 'self'; form-action 'none'; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' https://fetch-n-cache.a.exodus.io data:; connect-src https: wss: data: blob:
- sandbox: sandbox default-src 'self'; frame-src 'none'; frame-ancestors 'self'; form-action 'none'; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' https://fetch-n-cache.a.exodus.io data:; connect-src https: wss: data: blob:
Embedded URLs (837 total):
| https://fetch-n-cache.a.exodus.io | http://www.w3.org/2000/svg | |
| https://www.exodus.com/support | https://lodash.com/ | |
| https://openjsf.org/ | https://lodash.com/license | |
| http://underscorejs.org/LICENSE | https://npms.io/search?q=ponyfill. | |
| https://feross.org | https://api.moonpay.com | |
| http://www.w3.org/1999/xlink | https://feross.org/opensource | |
| https://github.com/react-native-community/cli/blob/master/docs/autolinking.md | https://redux.js.org/api-reference/store#subscribe | |
| https://reactnavigation.org/docs/getting-started | https://reactnavigation.org/docs/navigating-without-navigation-prop#handling-initialization | |
| https://reactnavigation.org/docs/configuring-links | https://geth.a.exodus.io/wallet/v1/ | |
| https://getc.a.exodus.io/wallet/v1/ | https://geth-holesky-testnet-d.a.exodus.io/wallet/v1/ | |
| https://bsc-clarity.a.exodus.io/ | https://polygon-clarity.a.exodus.io/ | |
| https://avax-c.a.exodus.io/wallet/v1/ | https://fantom.a.exodus.io/wallet/v1/ | |
| https://harmony.a.exodus.io/wallet/v1/ | https://nova.arbitrum.io/rpc | |
| https://arbitrum-one-clarity.a.exodus.io | https://optimism-clarity.a.exodus.io | |
| https://rsk.a.exodus.io | https://flare-nn.a.exodus.io/ext/C/rpc | |
| https://aurora.a.exodus.io | https://base-qn.a.exodus.io | |
| https://cronos-cs.a.exodus.io | https://mantle-qn.a.exodus.io | |
| https://mantle-sepolia-qn.a.exodus.io | https://arbitrum-sepolia-qn.a.exodus.io | |
| https://reactnavigation.org/docs/nesting-navigators | https://reactnavigation.org/docs/use-focus-effect | |
| https://reactnavigation.org/docs/hello-react-navigation | https://reactnavigation.org/docs/navigation-actions#navigate | |
| https://github.com/emn178/js-sha3 | http://fusejs.io | |
| http://kiro.me | http://www.apache.org/licenses/LICENSE-2.0 | |
| http://www.w3.org/XML/1998/namespace | https://github.com/ethereum/eth1.0-specs/blob/master/network-upgrades/mainnet-upgrades/london.md | |
| https://eips.ethereum.org/EIPS/eip-2070 | https://eips.ethereum.org/EIPS/eip-2384 | |
| https://eips.ethereum.org/EIPS/eip-1679 | https://eips.ethereum.org/EIPS/eip-1716 | |
| https://eips.ethereum.org/EIPS/eip-1013 | https://eips.ethereum.org/EIPS/eip-609 | |
| https://eips.ethereum.org/EIPS/eip-607 | https://eips.ethereum.org/EIPS/eip-608 | |
| https://eips.ethereum.org/EIPS/eip-779 | https://eips.ethereum.org/EIPS/eip-606 | |
| https://eips.ethereum.org/EIPS/eip-3541 | https://eips.ethereum.org/EIPS/eip-3529 | |
| https://eips.ethereum.org/EIPS/eip-3198 | https://eips.ethereum.org/EIPS/eip-2930 | |
| https://eips.ethereum.org/EIPS/eip-2929 | https://eips.ethereum.org/EIPS/eip-2718 | |
| https://eips.ethereum.org/EIPS/eip-2565 | https://eips.ethereum.org/EIPS/eip-2537 | |
| https://eips.ethereum.org/EIPS/eip-2315 | https://eips.ethereum.org/EIPS/eip-1559 | |
| https://github.com/ethereum/eth1.0-specs/blob/master/network-upgrades/client-integration-testnets/calaveras.md | https://github.com/goerli/testnet | |
| https://kovan-testnet.github.io/website/ | https://www.rinkeby.io | |
| https://github.com/ethereum/ropsten | https://ethstats.net/ | |
| http://fb.me/use-check-prop-types | https://fb.me/react-polyfills | |
| https://reactjs.org/docs/error-decoder.html?invariant= | http://www.w3.org/1999/xhtml | |
| http://www.w3.org/1998/Math/MathML | https://reactnavigation.org/docs/stack-navigator#presentation | |
| https://reactnavigation.org/docs/stack-navigator/#headershown | https://reactnavigation.org/docs/stack-navigator/#headermode |
Page 1 of 11
Raw Manifest
{ "name": "__MSG_appName__", "icons": { "16": "assets/png/icon_16x16.png", "32": "assets/png/icon_32x32.png", "128": "assets/png/icon_128x128.png" }, "action": { "default_icon": { "16": "assets/png/icon_16x16.png", "32": "assets/png/icon_32x32.png", "128": "assets/png/icon_128x128.png" }, "default_popup": "index.html?scaletofit=true&isPopup=true", "default_title": "Exodus" }, "version": "26.3.11", "commands": { "_execute_action": { "description": "Open Exodus", "suggested_key": { "default": "Ctrl+Shift+E" } } }, "background": { "service_worker": "background.js" }, "short_name": "Exodus", "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_appDescription__", "permissions": [ "storage", "unlimitedStorage", "alarms" ], "homepage_url": "https://www.exodus.com", "default_locale": "en", "content_scripts": [ { "js": [ "content.js" ], "run_at": "document_start", "matches": [ "https://*/*", "http://localhost/*", "http://127.0.0.1/*", "http://[::1]/*" ] }, { "js": [ "content-connect-banner.js" ], "css": [ "connect-banner.css" ], "run_at": "document_start", "matches": [ "https://*.convexfinance.com/*", "https://*.launchmynft.io/*", "https://*.penguinfinance.org/*", "https://*.sandbox.game/*", "https://*.sushi.com/*", "https://apeswap.finance/*", "https://app.aave.com/*", "https://app.aavegotchi.com/*", "https://app.airnfts.com/*", "https://app.balancer.fi/*", "https://app.benqi.fi/*", "https://app.deus.finance/*", "https://app.dodoex.io/*", "https://app.ens.domains/*", "https://app.fantohm.com/*", "https://app.firebird.finance/*", "https://app.gmx.io/*", "https://app.hop.exchange/*", "https://app.mugenswap.xyz/*", "https://app.pangolin.exchange/*", "https://app.spartacus.finance/*", "https://app.uniswap.org/*", "https://audius.co/*", "https://beets.fi/*", "https://dappradar.com/*", "https://galxe.com/*", "https://homora.alphaventuredao.io/*", "https://joepegs.com/*", "https://magiceden.io/*", "https://opensea.io/*", "https://paintswap.finance/*", "https://pancakeswap.finance/*", "https://planetix.com/*", "https://quickswap.exchange/*", "https://shibaswap.com/*", "https://spooky.fi/*", "https://stargate.finance/*", "https://swap.cow.fi/*", "https://trade.dydx.exchange/*", "https://traderjoexyz.com/*", "https://wallet-beta.polygon.technology/*", "https://wallet.polygon.technology/*" ] } ], "manifest_version": 3, "minimum_chrome_version": "100", "content_security_policy": { "sandbox": "sandbox default-src 'self'; frame-src 'none'; frame-ancestors 'self'; form-action 'none'; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' https://fetch-n-cache.a.exodus.io data:; connect-src https: wss: data: blob:", "extension_pages": "default-src 'self'; frame-src 'none'; frame-ancestors 'self'; form-action 'none'; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' https://fetch-n-cache.a.exodus.io data:; connect-src https: wss: data: blob:" }, "web_accessible_resources": [ { "matches": [ "https://*/*", "http://localhost/*", "http://127.0.0.1/*", "http://[::1]/*" ], "resources": [ "canvas-worker.js", "assets/fonts/rubik/Rubik-Light.ttf", "assets/fonts/rubik/Rubik-Medium.ttf", "assets/fonts/rubik/Rubik-Regular.ttf", "assets/png/logo.png", "assets/png/icon_white.png", "assets/png/banner-bg-right.png", "assets/png/dapp_icons/*", "algorand-provider.js", "buy-crypto.html", "buy-crypto.js", "ethereum-provider.js", "cardano-provider.js", "cosmos-provider.js", "solana-provider.js", "management-provider.js", "inapp.js", "connect-banner.js", "sell-crypto.html", "sell-crypto.js" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
Loading Secure Annex data...
Unable to load Secure Annex data.
This extension may not yet be analyzed by Secure Annex.
Detections
0Critical
0
High
0
Medium
0
Low
0
Has Verdicts
Yes
Manifest Findings
0Critical
0
High
0
Medium
0
Low
0
Secure Annex analyzed version: -