Extension Details
Rating:
4.7 ★
(63.2K ratings)
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
CRITICAL
Overall Risk
Trust Factors: The extension has a strong rating of 4.7 stars from over 63,000 reviews, suggesting user satisfaction. However, the lack of visible developer information and company details raises transparency concerns. VPN services are inherently sensitive as they handle all user traffic, making developer credibility crucial.
Concerns: This extension exhibits multiple red flags beyond its extensive permissions. The combination of proxy, webRequest, and management permissions creates a powerful toolkit that could intercept all web traffic, modify requests, and potentially control other extensions. The broad host permissions across all URLs mean it can access every website you visit. The webNavigation and tabs permissions allow comprehensive browsing surveillance. Most concerning is the management permission, which could enable the extension to disable security tools or install additional malicious extensions.
The offscreen permission combined with content scripts on all HTTP/HTTPS sites suggests the extension can execute code on every webpage, potentially injecting malicious content or stealing credentials.
Recommendations: Given the critical risk level, avoid installing this extension on your primary browser profile. If you must use it, create a dedicated Chrome profile with no saved passwords, personal data, or other sensitive extensions. Consider using established VPN applications instead of browser extensions for better security isolation. Regularly monitor your other extensions for unauthorized changes if you proceed with installation.
Findings
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
HIGH
High-Risk Permission: management
This extension has the management permission. Can manage other extensions. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: proxy
This extension has the proxy permission. Can control proxy settings. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: tabs
This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: webNavigation
This extension has the webNavigation permission. Can track your web navigation. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: webRequest
This extension has the webRequest permission. Can intercept and modify web requests. This could potentially be used maliciously to compromise security or privacy.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
Security Analysis Details
Required Permissions:
- webRequestAuthProvider
- offscreen
- alarms
- management
- proxy
- scripting
- storage
- tabs
- webNavigation
- webRequest
Optional Permissions:
- privacy
Host Permissions:
- <all_urls>
- https://*.bugsnag.com/*
Embedded URLs (58 total):
| https://www.twitch.tv/eslcs | https://www.instagram.com/api/v1/users/web_profile_info/?username= | |
| https://authentication.urban-vpn.com | https://analytics-toolbar.urban-vpn.com | |
| https://ai-user-protection.urban-vpn.com/api/rest/v2/secure/content/checkUserPrivacy | http://www.w3.org/2000/svg | |
| https://github.com/uuidjs/uuid#getrandomvalues-not-supported | http://www.w3.org/1999/xlink | |
| https://vuejs.org/error-reference/#runtime- | http://meyerweb.com/eric/tools/css/reset/ | |
| http://www.w3.org/1998/Math/MathML | https://v3-migration.vuejs.org/breaking-changes/custom-elements-interop.html | |
| https://v3-migration.vuejs.org/breaking-changes/v-model.html | https://v3-migration.vuejs.org/breaking-changes/v-bind.html | |
| https://v3-migration.vuejs.org/breaking-changes/v-on-native-modifier-removed.html | https://v3-migration.vuejs.org/breaking-changes/v-if-v-for.html | |
| https://v3-migration.vuejs.org/breaking-changes/inline-template-attribute.html | https://v3-migration.vuejs.org/breaking-changes/filters.html | |
| https://vuejs.org/error-reference/#compiler- | https://www.urban-vpn.com/ | |
| https://www.facebook.com/ | https://www.tiktok.com/@ | |
| https://clients2.google.com/service/update2/crx | https://github.com/vuejs/core | |
| https://api-pro.urban-vpn.com/rest/v1/storeLinks | https://notify.bugsnag.com | |
| https://sessions.bugsnag.com | https://tinyurl.com/yy3rn63z | |
| https://github.com/bugsnag/bugsnag-js | https://chrome.google.com/webstore/detail/urban-free-vpn-proxy-unbl/eppiocemhmnlbhjplcgkofciiegomcon/reviews | |
| https://example.com | https://www.google-analytics.com/mp/collect | |
| https://www.cloudflare.com/ | https://www.youtube.com/ | |
| https://www.google.com/ | https://facebook.com/ | |
| https://www.wikipedia.org/ | https://api-pro.urban-vpn.com/ | |
| https://stats.urban-vpn.com/ | https://dns.google/resolve | |
| https://dns.alidns.com/resolve | https://cloudflare-dns.com/dns-query | |
| https://api-pro.urban-vpn.com/rest/v1 | https://geo.geosurf.io/ | |
| https://config-toolbar.urban-vpn.com/rest/v3/configs/extensions/urban-vpn | https://www.urban-vpn.com/free-products/free-windows-vpn/ | |
| https://play.google.com/store/apps/details?id=com.urbanvpn.premium.android | https://apps.apple.com/us/app/urban-vpn/id1517016374 | |
| https://www.urban-vpn.com/free-products/free-mac-vpn/ | https://stats.urban-vpn.com/api/rest/v2 | |
| https://api-pro.urban-vpn.com/rest/v1/redirect | https://authentication.urban-vpn.com/rest/v1 | |
| https://www.google-analytics.com | https://www.youtube.com/favicon.ico | |
| https://analytics.urban-vpn.com/rest/v1 | https://anti-phishing-protection-toolbar.urban-vpn.com/api/rest/v2 | |
| https://anti-phishing-protection.urban-vpn.com/rest/v1 | https://anti-phishing-protection.urban-vpn.com/rest/v2 |
Raw Manifest
{ "name": "__MSG_appName__", "icons": { "16": "icons/icon-pink-16.png", "48": "icons/icon-pink-48.png", "128": "icons/icon-pink-128.png" }, "action": { "default_icon": "icons/icon-pink-16.png", "default_popup": "popup/index.html", "default_title": "Urban VPN" }, "version": "5.12.4", "background": { "service_worker": "service-worker/index.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_appDesc__", "permissions": [ "webRequestAuthProvider", "offscreen", "alarms", "management", "proxy", "scripting", "storage", "tabs", "webNavigation", "webRequest" ], "homepage_url": "https://www.urban-vpn.com/", "default_locale": "en", "content_scripts": [ { "js": [ "ad-blocker/content.js" ], "run_at": "document_start", "matches": [ "https://*/*", "http://*/*" ], "all_frames": true, "match_about_blank": true }, { "js": [ "content/content.js" ], "run_at": "document_start", "matches": [ "https://*/*", "http://*/*" ] } ], "host_permissions": [ "<all_urls>", "https://*.bugsnag.com/*" ], "manifest_version": 3, "optional_permissions": [ "privacy" ], "minimum_chrome_version": "110.0", "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "/content/anti-male-ware-notification/index.html", "/content/safe-price-check-notification/index.html", "/content/vpn-notification/index.html", "/content/terminated-connection-notification/index.html", "/content/consent-reminder-notification/index.html" ] }, { "matches": [ "https://*/*", "http://*/*" ], "resources": [ "/content/location/location.js" ] }, { "matches": [ "<all_urls>" ], "resources": [ "/libs/extend-native-history-api.js", "/libs/requests.js" ] }, { "matches": [ "*://*/*" ], "resources": [ "executors/*" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
Loading Secure Annex data...
Unable to load Secure Annex data.
This extension may not yet be analyzed by Secure Annex.
Detections
0Critical
0
High
0
Medium
0
Low
0
Has Verdicts
Yes
Manifest Findings
0Critical
0
High
0
Medium
0
Low
0
Secure Annex analyzed version: -