TextUs Next Extension (Legacy)
Version 4.0.41 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension appears to be a legitimate business communication tool for TextUs, a professional texting platform commonly used in recruiting and staffing. With 9,000 users and integration with established platforms like Salesforce, Bullhorn, and Dynamics, it shows signs of legitimate business use. However, the 3.0 rating from 57 reviews suggests mixed user experiences, and the "Legacy" designation indicates this may be an outdated version.
The most significant concern is the overly broad host permissions (http://*/*, https://*/*) which grant access to all websites, far exceeding what's necessary for a business texting tool. The tabs permission allows manipulation of browser tabs, which combined with universal website access creates privacy risks. The extension can inject content scripts across numerous domains including localhost, suggesting development/testing remnants that shouldn't be in production. Using Manifest V2 indicates outdated security standards, and the lack of recent update information raises maintenance concerns.
Consider running this extension in a separate Chrome profile to isolate its broad permissions from your primary browsing. Verify with your organization that this legacy version is still officially supported, as newer, more secure versions may be available. Monitor the extension's behavior closely and consider alternatives if available. If you must use it, limit browsing sensitive websites while the extension is active, and regularly review what data it may be accessing through its extensive permissions.
Findings
Security Analysis Details
Required Permissions:
- activeTab
- contextMenus
- storage
- tabs
- alarms
- idle
- https://app.bullhornstaffing.com/*
- https://*.lightning.force.com/*
- https://next.textus.com/*
- https://texting.bullhorn.com/*
- https://talentreef.textus.com/*
- http://*/*
- https://*/*
Content Security Policy:
- script-src 'self' https://cdn.segment.com; object-src 'self'
Embedded URLs (40 total):
| https://github.com/zloirock/core-js/blob/v3.27.2/LICENSE | https://github.com/zloirock/core-js | |
| https://npms.io/search?q=ponyfill. | http://js.pusher.com | |
| https://js.pusher.com | https://pusher.com | |
| https://github.com/pusher/pusher-js/tree/cc491015371a4bde5743d1c87a0fbac0feb53195#encrypted-channel-support | http://bit.ly/redux-logger-options | |
| https://redux.js.org/Errors?code= | https://texting.bullhorn.com/ | |
| https://talentreef.textus.com/ | https://next.textus.com | |
| https://github.com/date-fns/date-fns/blob/master/docs/upgradeGuide.md#string-arguments | https://bit.ly/3cXEKWf | |
| https://reactjs.org/docs/error-decoder.html?invariant= | http://www.w3.org/1999/xlink | |
| http://www.w3.org/XML/1998/namespace | http://www.w3.org/1999/xhtml | |
| http://www.w3.org/2000/svg | http://www.w3.org/1998/Math/MathML | |
| https://reactjs.org/link/react-polyfills | https://mui.com/production-error/?code= | |
| http://fb.me/use-check-prop-types | https://next.textus.com/ | |
| https://embed.textus.com/0b09154 | https://embed.textus.com/0b09154/target | |
| https://clients2.google.com/service/update2/crx | https://app.bullhornstaffing.com/ | |
| https://cdn.segment.com | https://extension.textus.com | |
| https://help.textus.com | https://fonts.googleapis.com/icon?family=Material+Icons | |
| https://lodash.com/ | https://openjsf.org/ | |
| https://lodash.com/license | http://underscorejs.org/LICENSE | |
| https://pusher.com/ | https://github.com/facebook/regenerator/blob/main/LICENSE | |
| https://github.com/cssinjs/jss | http://jedwatson.github.io/classnames |
Raw Manifest
{ "name": "TextUs Next Extension (Legacy)", "icons": { "16": "icons/textus-icon16.png", "32": "icons/textus-icon32.png", "48": "icons/textus-icon48.png", "128": "icons/textus-icon128.png" }, "author": "TextUs", "version": "4.0.41", "commands": { "find_numbers": { "description": "Find numbers on the page", "suggested_key": { "mac": "Command+Shift+Y", "default": "Ctrl+Shift+Y" } }, "open_extension": { "description": "Opens the extension", "suggested_key": { "mac": "Command+Shift+U", "default": "Ctrl+Shift+U" } }, "toggle_slideout": { "description": "Open slideout in current tab", "suggested_key": { "mac": "Command+Shift+S", "default": "Ctrl+Shift+S" } } }, "background": { "scripts": [ "scripts/background.js" ] }, "options_ui": { "page": "options.html", "open_in_tab": false }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Business-class Texting Software - Start texting directly from your CRM, ATS or any website.", "permissions": [ "activeTab", "contextMenus", "storage", "tabs", "alarms", "idle", "https://app.bullhornstaffing.com/*", "https://*.lightning.force.com/*", "https://next.textus.com/*", "https://texting.bullhorn.com/*", "https://talentreef.textus.com/*", "http://*/*", "https://*/*" ], "browser_action": { "default_popup": "popup.html", "default_title": "TextUs Next" }, "content_scripts": [ { "js": [ "scripts/addClickHandlers.js" ], "css": [ "styles/addClickHandlers.css" ], "run_at": "document_end", "matches": [ "https://*.dynamics.com/*", "https://*.bullhornstaffing.com/*", "https://*.lightning.force.com/*", "https://*.jobappnetwork.com/*", "https://*.salesforce.com/*", "https://*.jobappdemo.com/*", "https://*.trdev.co/*", "http://localhost:8001/*" ], "all_frames": true }, { "js": [ "scripts/tesseractBridge.js" ], "run_at": "document_end", "matches": [ "https://next.textus.com/*", "https://texting.bullhorn.com/*", "https://talentreef.textus.com/*" ], "all_frames": true }, { "js": [ "scripts/slideout.js" ], "css": [ "styles/slideout.css" ], "run_at": "document_end", "matches": [ "http://*/*", "https://*/*" ], "all_frames": false, "exclude_globs": [ "https://next.textus.com/*", "https://texting.bullhorn.com/*", "https://talentreef.textus.com/*", "http://localhost:3001*", "https://extension.textus.com*", "https://embed.textus.com/0b09154*", "https://help.textus.com*" ] }, { "js": [ "scripts/contactMatchObserver.js" ], "run_at": "document_end", "matches": [ "http://*/*", "https://*/*" ], "all_frames": true, "exclude_globs": [ "https://next.textus.com/*", "https://texting.bullhorn.com/*", "https://talentreef.textus.com/*", "http://localhost:3001*", "https://extension.textus.com*", "https://embed.textus.com/0b09154*" ] } ], "manifest_version": 2, "content_security_policy": "script-src 'self' https://cdn.segment.com; object-src 'self'", "web_accessible_resources": [ "icons/*.*", "styles/*.*", "extension.html", "slideout.html" ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.