[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

SysTrack Web Collection

Version 3.0.1 View in Chrome Web Store

Last scanned: about 17 hours ago

Extension Details

Rating: 3.7 ★

Users: 60,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has a moderate user base of 60,000 users and a rating of 3.7, which suggests some level of community acceptance. However, the lack of clear developer information and company details raises transparency concerns. The name "SysTrack Web Collection" suggests it's designed for system tracking or monitoring purposes, which could be legitimate for enterprise environments but concerning for general consumer use.

Concerns:

The extension possesses an extremely powerful combination of permissions that creates significant privacy and security risks. The webRequest permission allows it to intercept and potentially modify all web traffic, while the broad host permissions grant access to every website you visit. This combination enables comprehensive monitoring of your entire browsing activity, including sensitive data like login credentials, personal information, and private communications. The storage permission adds the ability to retain this collected data locally. For a tracking extension, these permissions may be functionally necessary but create substantial surveillance capabilities.

Recommendations:

Given the high-risk nature of this extension, consider running it in a completely separate Chrome profile if you must use it, especially if it's required for work purposes. Avoid using this profile for personal browsing, banking, or accessing sensitive websites. Verify with your IT department if this is a legitimate enterprise tool before installation. Consider whether the tracking functionality is truly necessary for your needs, as the privacy trade-offs are substantial.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: webRequest

This extension has the webRequest permission. Can intercept and modify web requests. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Raw Manifest

{
  "name": "SysTrack Web Collection",
  "icons": {
    "48": "icon48.png",
    "128": "icon128.png"
  },
  "version": "3.0.1",
  "background": {
    "type": "module",
    "service_worker": "lsihookServiceWorker.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Load time and responsiveness monitor",
  "permissions": [
    "storage",
    "webRequest"
  ],
  "content_scripts": [
    {
      "js": [
        "lsihookContent.js"
      ],
      "run_at": "document_start",
      "matches": [
        "http://*/*",
        "https://*/*"
      ]
    }
  ],
  "host_permissions": [
    "<all_urls>"
  ],
  "manifest_version": 3
}

by ✦ Astarte

SysTrack Web Collection

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (1 total):

Raw Manifest

Detections

Manifest Findings