[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

USU SelfHealing Extension

Version 1.0.5 View in Chrome Web Store

Last scanned: about 2 hours ago

Extension Details

Rating: 0.0 ★

Users: 19

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has extremely limited adoption with only 19 users and no ratings, which raises significant concerns about its legitimacy and testing. The lack of author information and developer details makes it impossible to verify the publisher's credibility. The name suggests it's associated with Utah State University (USU), but without proper verification, this could be misleading or unauthorized use of institutional branding.

Concerns:

The most critical issue is the combination of broad host permissions (<all_urls>) with native messaging capabilities, creating a powerful attack vector. The extension can access all websites and communicate with native applications on your computer, which is extremely dangerous for an extension with such limited adoption. The storage and notifications permissions, while individually moderate risk, become more concerning when combined with the unrestricted web access. The lack of transparency about the extension's actual functionality and the absence of any user reviews or ratings further amplify security concerns.

Recommendations:

Do not install this extension due to the high-risk permission combination and lack of credible publisher information. If you must use it for legitimate USU-related purposes, first verify its authenticity through official USU IT channels. If verified as legitimate, run it in a completely isolated Chrome profile with no access to personal accounts, sensitive websites, or important data. Consider using a virtual machine for additional isolation. Monitor system activity closely if installed, and remove immediately if any suspicious behavior is detected.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

MEDIUM

Medium-Risk Permission: notifications

This extension has the notifications permission. Can show notifications.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Raw Manifest

{
  "name": "USU SelfHealing Extension",
  "icons": {
    "16": "images/white_16.png",
    "32": "images/white_32.png",
    "48": "images/white_48.png",
    "56": "images/white_56.png",
    "64": "images/white_64.png",
    "96": "images/white_96.png",
    "128": "images/white_128.png"
  },
  "storage": {
    "managed_schema": "schema.json"
  },
  "version": "1.0.5",
  "background": {
    "type": "module",
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Required to use the self-service features on your desktop computer with the application USU Chatbot and USU Knowledge First",
  "permissions": [
    "nativeMessaging",
    "storage",
    "scripting",
    "notifications"
  ],
  "options_page": "html/options.html",
  "host_permissions": [
    "<all_urls>"
  ],
  "manifest_version": 3,
  "minimum_chrome_version": "96"
}

by ✦ Astarte

https://stackoverflow.com/a/56483156	https://stackoverflow.com/a/57608759
https://itsl.usu.de/	https://clients2.google.com/service/update2/crx
https://developer.chrome.com/docs/extensions/mv3/match_patterns/

USU SelfHealing Extension

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (5 total):

Raw Manifest

Detections

Manifest Findings