Extension Details
Context-Aware Verdict
The extension has a decent user base of 30,000 users and maintains a perfect 5.0 rating, though this is based on only 2 reviews which limits its reliability. Sovos is a legitimate tax technology company that provides compliance solutions, lending credibility to this extension. The extension appears to be designed as a launcher for Sovos Taxport services, which aligns with the company's business model.
The native messaging permission allows the extension to communicate with native applications on the user's computer, which could potentially be misused if compromised. While this permission is likely necessary for the extension's intended functionality as a launcher, it does create a pathway between the browser and the local system. The content scripts are restricted to Sovos and Convey domains, which is appropriately scoped for the extension's purpose. The lack of detailed developer information and recent update timestamp makes it difficult to assess ongoing maintenance and support.
This extension appears relatively safe for users who specifically need Sovos Taxport functionality. However, due to the native messaging capability, consider installing it only if you actively use Sovos services. Monitor the extension for any unusual behavior or unexpected system interactions. If you don't regularly use Sovos products, consider removing the extension to minimize your attack surface.
Findings
Security Analysis Details
Required Permissions:
- nativeMessaging
Embedded URLs (1 total):
| https://clients2.google.com/service/update2/crx |
Raw Manifest
{ "name": "Sovos Taxport Launcher", "icons": { "16": "icons/logo16.png", "48": "icons/logo48.png", "128": "icons/logo128.png" }, "version": "1.1.0", "background": { "type": "module", "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Enables launching and updating Taxport.", "permissions": [ "nativeMessaging" ], "content_scripts": [ { "js": [ "jquery-3.6.0.min.js", "content.js" ], "run_at": "document_end", "matches": [ "*://*.convey.com/*", "*://*.sovos.com/*" ], "exclude_matches": [ "*://dev.taxport.convey.com/*", "*://somdev-taxport.dev.sovos.org/*" ] } ], "manifest_version": 3 }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.