CRXaminer
AI Compare - OneClick to compare ChatGPT, Gemini, Grok and more.

Version 2.19.1

Last scanned: about 4 hours ago

Extension Details

Rating: 4.7 ★ (46 ratings)
Users: 1,000

Context-Aware Verdict

CRITICAL
Overall Risk
Trust Factors:

The extension has a decent rating of 4.7 stars from 46 reviews, but the user base is quite small at only 1,000 users. The lack of visible developer information and company details raises transparency concerns. While the concept of comparing AI services is legitimate, the implementation appears overly invasive for its stated purpose.

Concerns:

The extension exhibits several red flags that justify the critical risk rating. The combination of broad host permissions with content script injection across all websites creates significant attack surface. The clipboardRead permission is particularly concerning as it allows access to potentially sensitive copied data. The identity permission could expose personal authentication information. The unsafe JavaScript evaluation capability through 'unsafe-eval' in the CSP creates vulnerability to code injection attacks. Most concerning is that these extensive permissions seem excessive for simply comparing AI chatbot responses.

Recommendations:

Given the critical risk level, avoid installing this extension on your primary browser profile. If you must use it, create a dedicated Chrome profile with no saved passwords, personal data, or sensitive browsing activity. Consider using established alternatives from reputable developers instead. The broad permissions combined with limited user base and unclear developer identity make this extension unsuitable for environments containing sensitive information. Monitor for updates that might reduce permission scope before reconsidering use.

Findings

HIGH
Broad Content Script Injection
This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.
HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
HIGH
High-Risk Permission: clipboardRead
This extension has the clipboardRead permission, which allows it to read clipboard content. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: identity
This extension has the identity permission, which allows it to access your identity information. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: tabs
This extension has the tabs permission, which allows it to access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.
HIGH
Unsafe JavaScript Evaluation
This extension's Content Security Policy allows 'unsafe-eval', which permits dynamic JavaScript code execution using eval() and similar functions. This is a significant security risk as it could allow execution of malicious code.
MEDIUM
Medium-Risk Permission: activeTab
This extension has the activeTab permission, which allows it to access the active tab when the extension icon is clicked.
MEDIUM
Medium-Risk Permission: contextMenus
This extension has the contextMenus permission, which allows it to add items to the context menu.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission, which allows it to store data locally.