Extension Details
Context-Aware Verdict
The extension has a relatively small user base of 5,000 users and a concerning 3.0-star rating from 45 reviews, suggesting user dissatisfaction. The Chinese name translates to "Light Boat Accelerator - One-click Free Return to China," indicating it's a VPN/proxy service for accessing Chinese content from abroad. The developer domain getqingzhou.com lacks established reputation, and the extension uses the older, less secure Manifest V2.
The proxy permission is particularly concerning as it allows complete control over network traffic routing, potentially enabling man-in-the-middle attacks, data interception, or malicious traffic redirection. The broad http://*/* permission grants access to all HTTP websites, creating extensive surveillance capabilities. The combination of proxy control with wide web access permissions creates significant privacy and security risks. The low user rating suggests potential functionality or trustworthiness issues.
Given the high-risk proxy permission and questionable trust indicators, consider running this extension in a completely separate Chrome profile if you must use it. Avoid accessing sensitive websites (banking, email, social media) while the extension is active. Monitor your network traffic for unusual activity. Consider well-established VPN services with better security track records instead. If using for accessing geo-restricted content, research more reputable alternatives with higher user ratings and transparent privacy policies.
Findings
Security Analysis Details
Required Permissions:
- proxy
- http://*/*
- storage
Embedded URLs (14 total):
| https://getqingzhou.com | https://getqingzhou.com/about.html | |
| https://shang.qq.com/wpa/qunwpa?idkey=887bf07a8884fbfba6e851f4fdc816a3d1d1e0e83a2ca2f0e17bf37fb33fafc2 | https://getqingzhou.com/log.html?vs=3 | |
| https://getqingzhou.com/log.html?vs=2 | https://getqingzhou.com/pay.html | |
| https://getqingzhou.com/intro.html | https://getqingzhou.com/report.html | |
| https://ssl.google-analytics.com/js/ga.js | https://clients2.google.com/service/update2/crx | |
| https://v1api.buyqingzhou.com | http://security.tencent.com/ | |
| https://forms.gle/F7BZK85ZEV7qJG7F8 | https://ssl.google-analytics.com/ga.js |
Raw Manifest
{ "name": "__MSG_extName__", "icons": { "16": "./static/image/icon.png", "32": "./static/image/icon.png", "48": "./static/image/icon.png", "128": "./static/image/icon.png" }, "version": "1.1.3", "background": { "scripts": [ "./static/js/background.js", "./static/js/jquery.min.js" ], "persistent": true }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_extDescription__", "permissions": [ "proxy", "http://*/*", "storage" ], "browser_action": { "default_icon": "./static/image/icon.png", "default_popup": "popup.html", "default_title": "__MSG_extName__" }, "default_locale": "en_US", "manifest_version": 2 }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.