AeroLeads.com - Free B2B Phone Number & Email Finder
Version 6.4.17 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has a decent user base of 20,000 users and a solid 4.5-star rating from 227 reviews, suggesting legitimate functionality. AeroLeads appears to be an established B2B lead generation service with a clear business model. The extension uses Manifest V3, which provides better security controls than older versions.
The extension's permissions are extremely broad for a B2B contact finder. The ability to inject content scripts into all websites (<all_urls>) is particularly concerning, as this goes far beyond what's needed to extract contact information from LinkedIn and Google. The tabs permission allows monitoring of all browsing activity, not just target sites. The combination of broad host permissions with content script injection creates significant privacy risks, as the extension could theoretically capture sensitive data from banking sites, email providers, or any other websites you visit.
The access to Google domains and LinkedIn makes sense for the stated functionality, but the universal content script injection does not.
Consider running this extension in a separate Chrome profile dedicated only to lead generation activities. Avoid using this profile for sensitive activities like banking or personal email. Monitor the extension's behavior and consider alternatives with more limited permissions. If you must use it in your main profile, regularly review what data the extension has access to and consider disabling it when not actively prospecting for leads.
Findings
Security Analysis Details
Required Permissions:
- storage
- scripting
- tabs
- sidePanel
- notifications
- contextMenus
Host Permissions:
- https://aeroleads.com/*
- https://*.aeroleads.com/*
- https://linkedin.com/*
- https://*.linkedin.com/*
- https://*.google.com/*
Content Security Policy:
- extension_pages: script-src 'self'; object-src 'self'; frame-ancestors 'self' https://aeroleads.com;
Embedded URLs (39 total):
| https://aeroleadsmail.com | https://aeroleads.com | |
| https://clients2.google.com/service/update2/crx | https://aeroleads.com/ | |
| https://linkedin.com/ | https://www.linkedin.com/profile/view?id= | |
| https://www.linkedin.com | https://reactjs.org/docs/error-decoder.html?invariant= | |
| http://www.w3.org/1999/xlink | http://www.w3.org/XML/1998/namespace | |
| http://www.w3.org/2000/svg | http://www.w3.org/1998/Math/MathML | |
| http://www.w3.org/1999/xhtml | https://tailwindcss.com | |
| https://github.com/pushkargaikwad/AeroLeads-Chrome-Extension-NEW | https://aeroleads.com/assets/home_page/red_logo.png | |
| https://linkedin.com | http://jedwatson.github.io/classnames | |
| https://github.com/focus-trap/tabbable/blob/master/LICENSE | https://redux.js.org/Errors?code= | |
| https://bit.ly/3cXEKWf | https://redux-toolkit.js.org/Errors?code= | |
| http://bit.ly/redux-logger-options | https://aeroleads.com/pricing | |
| https://aeroleads.com/users/lists/ | https://www.linkedin.com/search/results/people/ | |
| https://www.linkedin.com/sales/search/people | https://angel.co/search | |
| https://www.crunchbase.com/discover/person/mark-cuban | https://aeroleads.com/assets/pages/company_pages/avatars/avatar1.png | |
| https://aeroleads.com/assets/placeholder-company.png | https://aeroleads.com/searches/profiles?page=1&list_id=&s%5Bep%5D=true&s%5Bpp%5D=true&submit=search | |
| https://aeroleads.com/searches/profiles?s%5Bcom%5D%5B%5D= | https://aeroleads.com/searches/companies?s%5Bkeywords%5D%5B%5D= | |
| https://aeroleads.com/c/ | https://news.google.com/search?q= | |
| https://news.google.com/rss/search?q= | https://api.rss2json.com/v1/api.json?rss_url= | |
| https://chromewebstore.google.com/detail/free-b2b-phone-number-ema/fcpepipgmkkjnljechjjimkaondedmbe/reviews |
Raw Manifest
{ "name": "__MSG_extensionName__", "icons": { "34": "icon-34.png", "128": "icon-128.png" }, "action": { "default_icon": "icon-34.png", "default_popup": "popup/index.html", "default_title": "Aeroleads" }, "version": "6.4.17", "background": { "type": "module", "service_worker": "background.iife.js" }, "short_name": "Aeroleads.com - v6.4.17", "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_extensionDescription__", "permissions": [ "storage", "scripting", "tabs", "sidePanel", "notifications", "contextMenus" ], "default_locale": "en", "content_scripts": [ { "js": [ "content-ui/index.iife.js" ], "css": [ "content.css" ], "run_at": "document_idle", "matches": [ "<all_urls>" ] }, { "js": [ "content-runtime-auth/index.iife.js" ], "run_at": "document_idle", "matches": [ "https://aeroleads.com/*", "https://*.aeroleads.com/*" ] } ], "host_permissions": [ "https://aeroleads.com/*", "https://*.aeroleads.com/*", "https://linkedin.com/*", "https://*.linkedin.com/*", "https://*.google.com/*" ], "manifest_version": 3, "content_security_policy": { "extension_pages": "script-src 'self'; object-src 'self'; frame-ancestors 'self' https://aeroleads.com;" }, "web_accessible_resources": [ { "matches": [ "*://*/*" ], "resources": [ "*.js", "*.css" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.