AI Compare - OneClick to compare ChatGPT, Gemini, Grok and more.
Version 2.19.1 View in Chrome Web Store
Last scanned: about 4 hours ago
Extension Details
Rating:
4.7 ★
(46 ratings)
Users:
1,000
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
CRITICAL
Overall Risk
Trust Factors:
The extension has a decent rating of 4.7 stars from 46 reviews, but the user base is quite small at only 1,000 users. The lack of visible developer information and company details raises transparency concerns. While the concept of comparing AI services is legitimate, the implementation appears overly invasive for its stated purpose.
Concerns:
The extension exhibits several red flags that justify the critical risk rating. The combination of broad host permissions with content script injection across all websites creates significant attack surface. The clipboardRead permission is particularly concerning as it allows access to potentially sensitive copied data. The identity permission could expose personal authentication information. The unsafe JavaScript evaluation capability through 'unsafe-eval' in the CSP creates vulnerability to code injection attacks. Most concerning is that these extensive permissions seem excessive for simply comparing AI chatbot responses.
Recommendations:
Given the critical risk level, avoid installing this extension on your primary browser profile. If you must use it, create a dedicated Chrome profile with no saved passwords, personal data, or sensitive browsing activity. Consider using established alternatives from reputable developers instead. The broad permissions combined with limited user base and unclear developer identity make this extension unsuitable for environments containing sensitive information. Monitor for updates that might reduce permission scope before reconsidering use.
Findings
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
Broad Content Script Injection
This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.
HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
HIGH
High-Risk Permission: clipboardRead
This extension has the clipboardRead permission. Can read clipboard content. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: identity
This extension has the identity permission. Can access your identity information. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: tabs
This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.
HIGH
Unsafe JavaScript Evaluation
This extension's Content Security Policy allows 'unsafe-eval', which permits dynamic JavaScript code execution using eval() and similar functions. This is a significant security risk as it could allow execution of malicious code.
MEDIUM
Medium-Risk Permission: activeTab
This extension has the activeTab permission. Can access the active tab when clicking the extension icon.
MEDIUM
Medium-Risk Permission: contextMenus
This extension has the contextMenus permission. Can add items to the context menu.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
Security Analysis Details
Required Permissions:
- storage
- activeTab
- tabs
- contextMenus
- declarativeNetRequest
- sidePanel
- clipboardRead
- omnibox
- identity
Host Permissions:
- <all_urls>
Content Security Policy:
- extension_pages: script-src 'self'; object-src 'self'; frame-src *; img-src 'self' chrome-extension: data: blob:;
- sandbox: sandbox allow-scripts allow-forms allow-popups allow-modals; script-src 'unsafe-eval' 'self'
Embedded URLs (1522 total):
| https://console.firebase.google.com/ | https://console.cloud.google.com/ | |
| https://abcdefghijklmnop.chromiumapp.org/ | https://github.com/taoAIGC/AI-Shortcuts/blob/main/config/siteHandlers.json | |
| https://www.gstatic.com/firebasejs/12.8.0/firebase-app.js | https://www.gstatic.com/firebasejs/12.8.0/firebase-analytics.js | |
| https://your-webdav-server.com/dav/ | http://www.w3.org/2000/svg | |
| https://chromewebstore.google.com/detail/ai-compare-oneclick-to-co/dkhpgbbhlnmjbkihoeniojpkggkabbbl/reviews | https://fsf.org/ | |
| https://www.gnu.org/licenses/ | https://www.gnu.org/licenses/why-not-lgpl.html | |
| https://wenjuan.feishu.cn/m?t=sxcO29Fz913i-1ad4 | https://wenjuan.feishu.cn/m/cfm?t=sTFPGe4oetOi-9m3a | |
| https://chatgpt.com/ | https://gemini.google.com/ | |
| https://grok.com/ | https://claude.ai/chat | |
| https://aistudio.google.com/ | https://chat.deepseek.com/ | |
| https://doubao.com/chat | https://www.wenxiaobai.com/ | |
| https://metaso.cn/ | https://yiyan.baidu.com/chat | |
| https://yuanbao.tencent.com/chat/ | https://www.google.com/search?q= | |
| https://nanoai.live/ | https://chatglm.cn/chat | |
| https://kimi.com/ | https://www.qianwen.com/ | |
| https://chat.qwen.ai/ | https://zhida.zhihu.com/ | |
| https://www.xiaohongshu.com/search_result?keyword= | https://www.baidu.com/s?wd= | |
| https://copilot.microsoft.com/ | https://www.perplexity.ai/search?q= | |
| https://poe.com/ | https://chat.z.ai/ | |
| https://chat.mistral.ai/chat | https://www.bing.com/search?q= | |
| https://www.google-analytics.com/mp/collect?measurement_id= | https://raw.githubusercontent.com/taoAIGC/AI-Shortcuts/main/config/siteHandlers.json | |
| http://www.apache.org/licenses/LICENSE-2.0 | http://www.apache.org/licenses/ | |
| https://github.com/puppeteer/puppeteer | https://github.com/puppeteer/puppeteer/blob/master/LICENSE | |
| https://img.shields.io/npm/v/playwright.svg | https://www.npmjs.com/package/playwright | |
| https://img.shields.io/badge/chromium-145.0.7632.6-blue.svg?logo=google-chrome | https://www.chromium.org/Home | |
| https://img.shields.io/badge/firefox-146.0.1-blue.svg?logo=firefoxbrowser | https://www.mozilla.org/en-US/firefox/new/ | |
| https://img.shields.io/badge/webkit-26.0-blue.svg?logo=safari | https://webkit.org/ | |
| https://img.shields.io/badge/join-discord-informational | https://aka.ms/playwright/discord | |
| https://playwright.dev | https://playwright.dev/docs/api/class-playwright | |
| https://playwright.dev/docs/intro#system-requirements | https://playwright.dev/python/docs/intro | |
| https://playwright.dev/dotnet/docs/intro | https://playwright.dev/java/docs/intro | |
| https://playwright.dev/docs/cli#install-browsers | https://playwright.dev/docs/browsers | |
| https://playwright.dev/docs/intro | https://playwright.dev/docs/codegen | |
| https://playwright.dev/docs/inspector | https://playwright.dev/docs/trace-viewer | |
| https://playwright.dev/ | https://maps.google.com | |
| https://www.example.com/ | http://todomvc.com | |
| https://playwright.dev/docs/api/class-playwright/ | https://github.com/microsoft/playwright/releases | |
| https://github.com/microsoft/playwright.git | https://playwright.dev/docs/api/class-browsertype#browser-type-launch-persistent-context | |
| https://example.com:8080 | https://playwright.dev/docs/api/class-page#page-set-default-timeout. | |
| https://playwright.dev/docs/api/class-page#page-set-default-navigation-timeout. | https://playwright.dev/docs/api/class-browser |
Page 1 of 20
Raw Manifest
{ "name": "__MSG_appName__", "icons": { "16": "icons/icon16.png", "48": "icons/icon48.png", "128": "icons/icon128.png" }, "action": { "default_icon": { "16": "icons/icon16.png", "48": "icons/icon48.png", "128": "icons/icon128.png" }, "default_title": "__MSG_commandDescription__" }, "omnibox": { "keyword": "ai" }, "version": "2.19.1", "commands": { "_execute_action": { "description": "__MSG_commandDescription__" } }, "background": { "service_worker": "background.js" }, "side_panel": { "default_path": "homepage/homepage.html?side_panel=true" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_extDescription__", "permissions": [ "storage", "activeTab", "tabs", "contextMenus", "declarativeNetRequest", "sidePanel", "clipboardRead", "omnibox", "identity" ], "options_page": "options/options.html", "default_locale": "en", "content_scripts": [ { "js": [ "config/baseConfig.js", "config/siteDetector.js", "iframe/inject.js" ], "run_at": "document_start", "matches": [ "<all_urls>" ], "all_frames": true }, { "js": [ "config/baseConfig.js", "content-scripts/selection.js" ], "css": [ "content-scripts/selection.css" ], "matches": [ "<all_urls>" ] }, { "js": [ "config/baseConfig.js", "content-scripts/float-button.js" ], "css": [ "content-scripts/float-button.css" ], "run_at": "document_end", "matches": [ "<all_urls>" ] }, { "js": [ "config/baseConfig.js", "content-scripts/search-engines.js" ], "matches": [ "https://www.google.com/*", "https://www.baidu.com/*", "https://www.bing.com/*", "https://cn.bing.com/*" ] }, { "js": [ "config/baseConfig.js", "content-scripts/site-button.js" ], "css": [ "content-scripts/site-button.css" ], "run_at": "document_end", "matches": [ "<all_urls>" ] } ], "host_permissions": [ "<all_urls>" ], "manifest_version": 3, "content_security_policy": { "sandbox": "sandbox allow-scripts allow-forms allow-popups allow-modals; script-src 'unsafe-eval' 'self'", "extension_pages": "script-src 'self'; object-src 'self'; frame-src *; img-src 'self' chrome-extension: data: blob:;" }, "declarative_net_request": { "rule_resources": [ { "id": "ruleset_1", "path": "config/rules.json", "enabled": true } ] }, "web_accessible_resources": [ { "matches": [ "chrome-extension://*/*", "<all_urls>" ], "resources": [ "iframe/*", "homepage/*", "history/*", "icons/*", "config/*", "content-scripts/*", "debug/*", "firebase/*" ], "use_dynamic_url": true }, { "matches": [ "<all_urls>" ], "resources": [ "icons/*" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
Loading Secure Annex data...
Unable to load Secure Annex data.
This extension may not yet be analyzed by Secure Annex.
Detections
0Critical
0
High
0
Medium
0
Low
0
Has Verdicts
Yes
Manifest Findings
0Critical
0
High
0
Medium
0
Low
0
Secure Annex analyzed version: -