Avast SafePrice | Comparison, deals, coupons
Version 23.1.1691 View in Chrome Web Store
Last scanned: 2 days ago
| force re-scan
Extension Details
Developer:
https://www.avast.com/
Rating:
3.5 ★
(12 ratings)
Size:
3.14MiB
Last Updated:
April 22, 2023
Users:
30,000
Developer Info:
Gen Digital60 E Rio Salado Pkwy
Tempe, AZ 85281-9124
US
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
HIGH
Risk Level
Trust Factors:
- The extension is developed by Avast, a reputable cybersecurity company, which adds some level of trust.
- The extension has a relatively high number of users (30,000), suggesting a certain level of popularity and trust among users.
- However, the extension has a relatively low rating (3.5/5) based on 12 reviews, which raises some concerns.
Concerns:
- The extension has several high-risk permissions, including tabs, webNavigation, and webRequest, which could potentially be used maliciously to compromise security or privacy.
- The extension can inject scripts into any website, allowing it to read sensitive data, modify website content, or steal credentials.
- The extension uses Manifest Version 2, which has fewer security restrictions than the newer Manifest V3.
Recommendations:
- Exercise caution when using this extension, as it has several high-risk permissions and the ability to inject scripts into any website.
- Consider running the extension in a separate Chrome profile or a sandboxed environment to minimize potential risks.
- Monitor the extension's behavior and check for any suspicious activities or unauthorized data access.
- Keep an eye on updates from Avast and the extension's reviews to stay informed about any potential security issues or concerns raised by other users.
- Consider using alternative extensions with similar functionality but fewer high-risk permissions or those that have upgraded to Manifest V3.
Security Analysis
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
CRITICAL
Overall Risk
Based on 6 total findings, ranked without considering overall context, including 4 high-risk and 2 medium-risk findings.
HIGH
Broad Content Script Injection
This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.
HIGH
High-Risk Permission: tabs
This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: webNavigation
This extension has the webNavigation permission. Can track your web navigation. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: webRequest
This extension has the webRequest permission. Can intercept and modify web requests. This could potentially be used maliciously to compromise security or privacy.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
MEDIUM
Older Manifest Version
This extension uses Manifest Version 2, which has fewer security restrictions than Manifest V3. Consider using extensions that have upgraded to V3.
Security Analysis Details
Required Permissions:
- *://*.avast.com/*
- http://*/*
- https://*/*
- storage
- tabs
- webNavigation
- webRequest
Embedded URLs (173 total):
| https://clients2.google.com/service/update2/crx | https://bugs.chromium.org/p/chromium/issues/detail?id=115138 | |
| https://cml.avast.com/display/FF/Avast+Analytics+Product+Code | https://analytics.ff.avast.com:443/receive3 | |
| https://analytics-stage.ff.avast.com:443/receive3 | https://sizzlejs.com/ | |
| https://js.foundation/ | https://jsperf.com/thor-indexof-vs-for/5 | |
| http://www.w3.org/TR/css3-selectors/#whitespace | https://www.w3.org/TR/css-syntax-3/#ident-token-diagram | |
| http://www.w3.org/TR/selectors/#attribute-selectors | http://www.w3.org/TR/CSS21/syndata.html#escaped-characters | |
| https://drafts.csswg.org/cssom/#common-serializing-idioms | https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled | |
| https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled | https://html.spec.whatwg.org/multipage/forms.html#category-listed | |
| https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled | https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled | |
| https://bugs.jquery.com/ticket/4833 | https://bugs.jquery.com/ticket/13378 | |
| https://bugs.jquery.com/ticket/12359 | https://msdn.microsoft.com/en-us/library/ie/hh465388.aspx#attribute_section | |
| http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked | https://bugs.webkit.org/show_bug.cgi?id=136851 | |
| https://github.com/jquery/sizzle/pull/225 | http://www.w3.org/TR/selectors/#pseudo-classes | |
| http://www.w3.org/TR/selectors/#lang-pseudo | http://www.w3.org/TR/selectors/#empty-pseudo | |
| https://msdn.microsoft.com/en-us/library/ms536429%28VS.85%29.aspx | http://pegjs.org/ | |
| http://social.msdn.microsoft.com/Forums/en-US/iewebdevelopment/thread/30ef3add-767c-4436-b8a9-f1ca19b4812e/ | https://github.com/hij1nx/EventEmitter2 | |
| https://jquery.com/ | https://jquery.org/license | |
| https://github.com/whatwg/html/issues/2369 | https://html.spec.whatwg.org/#nonce-attributes | |
| https://promisesaplus.com/#point-59 | https://promisesaplus.com/#point-48 | |
| https://promisesaplus.com/#point-54 | https://promisesaplus.com/#point-75 | |
| https://promisesaplus.com/#point-64 | https://promisesaplus.com/#point-61 | |
| https://promisesaplus.com/#point-57 | https://bugs.chromium.org/p/chromium/issues/detail?id=378607 | |
| https://bugs.jquery.com/ticket/13393 | https://www.w3.org/TR/DOM-Level-3-Events/#event-type-click | |
| https://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html | https://bugs.chromium.org/p/chromium/issues/detail?id=470258 | |
| https://connect.microsoft.com/IE/feedback/details/1736512/ | https://jsperf.com/getall-vs-sizzle/2 | |
| https://drafts.csswg.org/cssom/#resolved-values | https://developer.mozilla.org/en-US/docs/CSS/display | |
| https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/ | https://html.spec.whatwg.org/multipage/syntax.html#attributes-2 | |
| https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/ | https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace | |
| https://html.spec.whatwg.org/#strip-and-collapse-whitespace | https://bugzilla.mozilla.org/show_bug.cgi?id=687787 | |
| http://www.w3.org/TR/DOM-Level-3-Events/#events-focusevent-event-order | https://bugs.chromium.org/p/chromium/issues/detail?id=449857 | |
| http://example.com:80x/ | https://bugs.webkit.org/show_bug.cgi?id=137337 | |
| https://bugs.webkit.org/show_bug.cgi?id=29084 | https://bugs.chromium.org/p/chromium/issues/detail?id=589347 | |
| https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon | https://github.com/jquery/jquery/pull/557 | |
| https://lodash.com/ | http://dojofoundation.org/ | |
| http://underscorejs.org/LICENSE | https://lodash.com/license | |
| http://ecma-international.org/ecma-262/6.0/#sec-patterns | http://ecma-international.org/ecma-262/6.0/#sec-escaperegexppattern | |
| https://en.wikipedia.org/wiki/Combining_Diacritical_Marks | http://ecma-international.org/ecma-262/6.0/#sec-template-literal-lexical-components | |
| https://github.com/jashkenas/underscore/issues/1621 | https://github.com/jashkenas/underscore/pull/1247 | |
| https://code.google.com/p/v8/issues/detail?id=90 | https://es5.github.io/#x11.1.5 | |
| http://ecma-international.org/ecma-262/6.0/#sec-object.prototype.tostring | http://ecma-international.org/ecma-262/6.0/#sec-number.max_safe_integer |
Page 1 of 3
Raw Manifest
{ "name": "__MSG_avastAppShortName__", "icons": { "48": "common/ui/icons/logo-safeprice-48.png", "64": "common/ui/icons/logo-safeprice-64.png", "96": "common/ui/icons/logo-safeprice-96.png", "128": "common/ui/icons/logo-safeprice-128.png" }, "author": "Avast", "version": "23.1.1691", "background": { "scripts": [ "common/libs/q.js", "common/libs/eventemitter2.js", "common/libs/protobuf.js", "common/libs/lodash.js", "common/scripts/gpb.js", "common/libs/burger.js", "scripts/abek.bl.crx.js", "common/scripts/query.js", "common/scripts/wrc.js", "common/scripts/bal.js", "scripts/bs.crx.js", "scripts/bs.sp.crx.js" ] }, "options_ui": { "page": "options.html", "open_in_tab": true }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_avastAppDesc__", "permissions": [ "*://*.avast.com/*", "http://*/*", "https://*/*", "storage", "tabs", "webNavigation", "webRequest" ], "browser_action": { "default_icon": "common/ui/icons/logo-safeprice-gray.png" }, "default_locale": "en", "content_scripts": [ { "js": [ "common/libs/jquery.js", "common/libs/mustache.js", "common/libs/eventemitter2.js", "common/scripts/templates.js", "common/scripts/ial.js", "common/libs/csl.parser.js", "scripts/extension.js" ], "css": [ "common/ui/css/extension.css", "common/ui/fonts/fonts.css" ], "run_at": "document_end", "matches": [ "*://*/*" ], "exclude_matches": [ "*://*.google.com/maps/*", "*://*.google.ad/maps/*", "*://*.google.ae/maps/*", "*://*.google.com.af/maps/*", "*://*.google.com.ag/maps/*", "*://*.google.com.ai/maps/*", "*://*.google.al/maps/*", "*://*.google.am/maps/*", "*://*.google.co.ao/maps/*", "*://*.google.com.ar/maps/*", "*://*.google.as/maps/*", "*://*.google.at/maps/*", "*://*.google.com.au/maps/*", "*://*.google.az/maps/*", "*://*.google.ba/maps/*", "*://*.google.com.bd/maps/*", "*://*.google.be/maps/*", "*://*.google.bf/maps/*", "*://*.google.bg/maps/*", "*://*.google.com.bh/maps/*", "*://*.google.bi/maps/*", "*://*.google.bj/maps/*", "*://*.google.com.bn/maps/*", "*://*.google.com.bo/maps/*", "*://*.google.com.br/maps/*", "*://*.google.bs/maps/*", "*://*.google.bt/maps/*", "*://*.google.co.bw/maps/*", "*://*.google.by/maps/*", "*://*.google.com.bz/maps/*", "*://*.google.ca/maps/*", "*://*.google.cd/maps/*", "*://*.google.cf/maps/*", "*://*.google.cg/maps/*", "*://*.google.ch/maps/*", "*://*.google.ci/maps/*", "*://*.google.co.ck/maps/*", "*://*.google.cl/maps/*", "*://*.google.cm/maps/*", "*://*.google.cn/maps/*", "*://*.google.com.co/maps/*", "*://*.google.co.cr/maps/*", "*://*.google.com.cu/maps/*", "*://*.google.cv/maps/*", "*://*.google.com.cy/maps/*", "*://*.google.cz/maps/*", "*://*.google.de/maps/*", "*://*.google.dj/maps/*", "*://*.google.dk/maps/*", "*://*.google.dm/maps/*", "*://*.google.com.do/maps/*", "*://*.google.dz/maps/*", "*://*.google.com.ec/maps/*", "*://*.google.ee/maps/*", "*://*.google.com.eg/maps/*", "*://*.google.es/maps/*", "*://*.google.com.et/maps/*", "*://*.google.fi/maps/*", "*://*.google.com.fj/maps/*", "*://*.google.fm/maps/*", "*://*.google.fr/maps/*", "*://*.google.ga/maps/*", "*://*.google.ge/maps/*", "*://*.google.gg/maps/*", "*://*.google.com.gh/maps/*", "*://*.google.com.gi/maps/*", "*://*.google.gl/maps/*", "*://*.google.gm/maps/*", "*://*.google.gr/maps/*", "*://*.google.com.gt/maps/*", "*://*.google.gy/maps/*", "*://*.google.com.hk/maps/*", "*://*.google.hn/maps/*", "*://*.google.hr/maps/*", "*://*.google.ht/maps/*", "*://*.google.hu/maps/*", "*://*.google.co.id/maps/*", "*://*.google.ie/maps/*", "*://*.google.co.il/maps/*", "*://*.google.im/maps/*", "*://*.google.co.in/maps/*", "*://*.google.iq/maps/*", "*://*.google.is/maps/*", "*://*.google.it/maps/*", "*://*.google.je/maps/*", "*://*.google.com.jm/maps/*", "*://*.google.jo/maps/*", "*://*.google.co.jp/maps/*", "*://*.google.co.ke/maps/*", "*://*.google.com.kh/maps/*", "*://*.google.ki/maps/*", "*://*.google.kg/maps/*", "*://*.google.co.kr/maps/*", "*://*.google.com.kw/maps/*", "*://*.google.kz/maps/*", "*://*.google.la/maps/*", "*://*.google.com.lb/maps/*", "*://*.google.li/maps/*", "*://*.google.lk/maps/*", "*://*.google.co.ls/maps/*", "*://*.google.lt/maps/*", "*://*.google.lu/maps/*", "*://*.google.lv/maps/*", "*://*.google.com.ly/maps/*", "*://*.google.co.ma/maps/*", "*://*.google.md/maps/*", "*://*.google.me/maps/*", "*://*.google.mg/maps/*", "*://*.google.mk/maps/*", "*://*.google.ml/maps/*", "*://*.google.com.mm/maps/*", "*://*.google.mn/maps/*", "*://*.google.ms/maps/*", "*://*.google.com.mt/maps/*", "*://*.google.mu/maps/*", "*://*.google.mv/maps/*", "*://*.google.mw/maps/*", "*://*.google.com.mx/maps/*", "*://*.google.com.my/maps/*", "*://*.google.co.mz/maps/*", "*://*.google.com.na/maps/*", "*://*.google.com.ng/maps/*", "*://*.google.com.ni/maps/*", "*://*.google.ne/maps/*", "*://*.google.nl/maps/*", "*://*.google.no/maps/*", "*://*.google.com.np/maps/*", "*://*.google.nr/maps/*", "*://*.google.nu/maps/*", "*://*.google.co.nz/maps/*", "*://*.google.com.om/maps/*", "*://*.google.com.pa/maps/*", "*://*.google.com.pe/maps/*", "*://*.google.com.pg/maps/*", "*://*.google.com.ph/maps/*", "*://*.google.com.pk/maps/*", "*://*.google.pl/maps/*", "*://*.google.pn/maps/*", "*://*.google.com.pr/maps/*", "*://*.google.ps/maps/*", "*://*.google.pt/maps/*", "*://*.google.com.py/maps/*", "*://*.google.com.qa/maps/*", "*://*.google.ro/maps/*", "*://*.google.ru/maps/*", "*://*.google.rw/maps/*", "*://*.google.com.sa/maps/*", "*://*.google.com.sb/maps/*", "*://*.google.sc/maps/*", "*://*.google.se/maps/*", "*://*.google.com.sg/maps/*", "*://*.google.sh/maps/*", "*://*.google.si/maps/*", "*://*.google.sk/maps/*", "*://*.google.com.sl/maps/*", "*://*.google.sn/maps/*", "*://*.google.so/maps/*", "*://*.google.sm/maps/*", "*://*.google.sr/maps/*", "*://*.google.st/maps/*", "*://*.google.com.sv/maps/*", "*://*.google.td/maps/*", "*://*.google.tg/maps/*", "*://*.google.co.th/maps/*", "*://*.google.com.tj/maps/*", "*://*.google.tl/maps/*", "*://*.google.tm/maps/*", "*://*.google.tn/maps/*", "*://*.google.to/maps/*", "*://*.google.com.tr/maps/*", "*://*.google.tt/maps/*", "*://*.google.com.tw/maps/*", "*://*.google.co.tz/maps/*", "*://*.google.com.ua/maps/*", "*://*.google.co.ug/maps/*", "*://*.google.co.uk/maps/*", "*://*.google.com.uy/maps/*", "*://*.google.co.uz/maps/*", "*://*.google.com.vc/maps/*", "*://*.google.co.ve/maps/*", "*://*.google.vg/maps/*", "*://*.google.co.vi/maps/*", "*://*.google.com.vn/maps/*", "*://*.google.vu/maps/*", "*://*.google.ws/maps/*", "*://*.google.rs/maps/*", "*://*.google.co.za/maps/*", "*://*.google.co.zm/maps/*", "*://*.google.co.zw/maps/*", "*://*.google.cat/maps/*" ] } ], "manifest_version": 2, "web_accessible_resources": [ "common/ui/*", "common/ui/icons/*", "common/ui/css/*", "common/ui/fonts/*" ] }
Secure Annex (beta)
Coming soon...