[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

SysTrack Web Collection

Version 3.0.1 View in Chrome Web Store

Last scanned: about 6 hours ago

Extension Details

Rating: 3.7 ★

Users: 50,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors: The extension has a moderate user base of 50,000 users and a rating of 3.7, which suggests some level of community acceptance. However, the lack of clear developer information and company details raises transparency concerns. The name "SysTrack Web Collection" suggests it's designed for system tracking or monitoring purposes, which could be legitimate for enterprise environments.

Concerns:

- The webRequest permission combined with <all_urls> host permissions creates a powerful surveillance capability that can intercept and potentially modify all web traffic

- Content scripts running on all HTTP and HTTPS sites enable comprehensive data collection across the entire web browsing experience

- The broad permissions far exceed what most legitimate extensions require, creating unnecessary attack surface

- Missing developer information makes it difficult to verify the extension's legitimacy and intended use case

- The combination of storage permission with web monitoring capabilities allows for persistent data collection

Recommendations:

Consider running this extension in a separate Chrome profile dedicated to work or specific monitoring needs if it's required by your organization. Verify with your IT department whether this extension is officially sanctioned. For personal use, the risk-to-benefit ratio appears unfavorable unless you have a specific need for web traffic monitoring. Monitor your browsing behavior and consider alternatives with more limited permissions if similar functionality is needed.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: webRequest

This extension has the webRequest permission. Can intercept and modify web requests. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Raw Manifest

{
  "name": "SysTrack Web Collection",
  "icons": {
    "48": "icon48.png",
    "128": "icon128.png"
  },
  "version": "3.0.1",
  "background": {
    "type": "module",
    "service_worker": "lsihookServiceWorker.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Load time and responsiveness monitor",
  "permissions": [
    "storage",
    "webRequest"
  ],
  "content_scripts": [
    {
      "js": [
        "lsihookContent.js"
      ],
      "run_at": "document_start",
      "matches": [
        "http://*/*",
        "https://*/*"
      ]
    }
  ],
  "host_permissions": [
    "<all_urls>"
  ],
  "manifest_version": 3
}

by ✦ Astarte

SysTrack Web Collection

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (1 total):

Raw Manifest

Detections

Manifest Findings