Popup Blocker - Blocks annoying Popups
Version 1.17.5 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has a moderate user base of 90,000 users and a decent rating of 3.9/5, suggesting some level of user satisfaction. However, the relatively low number of reviews (95) compared to the user count raises questions about user engagement. The author domain "popupsblocker.org" appears purpose-built for this extension, but lacks established company credentials or transparency about the development team.
The extension requests extremely broad permissions that far exceed what's necessary for basic popup blocking. The combination of tabs permission, scripting access, and <all_urls> host permissions creates a powerful surveillance capability. Most concerning is the ability to inject content scripts into every website you visit, which could enable data harvesting, credential theft, or malicious code injection. The declarativeNetRequestWithHostAccess permission, while potentially legitimate for blocking, combined with unlimited storage could facilitate extensive data collection and retention.
Consider running this extension in a separate Chrome profile to isolate potential risks from your main browsing activities. Alternative popup blockers with more limited permissions may provide similar functionality with reduced risk. Popular options like uBlock Origin have established reputations and more transparent development. If you continue using this extension, regularly review your stored data and monitor for unusual browser behavior. Consider whether the popup blocking benefits justify the extensive access permissions this extension demands.
Findings
Security Analysis Details
Required Permissions:
- tabs
- storage
- declarativeNetRequest
- declarativeNetRequestWithHostAccess
- unlimitedStorage
- alarms
- scripting
Host Permissions:
- <all_urls>
Content Security Policy:
- extension_pages: script-src 'self'; object-src 'self'
Embedded URLs (1 total):
| https://clients2.google.com/service/update2/crx |
Raw Manifest
{ "name": "__MSG_appName__", "icons": { "128": "128.png" }, "version": "1.17.5", "background": { "service_worker": "serviceworker.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_appDesc__", "permissions": [ "tabs", "storage", "declarativeNetRequest", "declarativeNetRequestWithHostAccess", "unlimitedStorage", "alarms", "scripting" ], "default_locale": "en", "content_scripts": [ { "js": [ "content_script.js" ], "run_at": "document_start", "matches": [ "<all_urls>" ], "all_frames": true } ], "host_permissions": [ "<all_urls>" ], "manifest_version": 3, "content_security_policy": { "extension_pages": "script-src 'self'; object-src 'self'" }, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "web-accessible-resources/*", "close.html", "128.png" ], "use_dynamic_url": true } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.