ESUIT | Un Seen for Facebook™
Version 1.13.0 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has a solid user base of 20,000 users with a good rating of 4.4/5 stars from 219 reviews, indicating general user satisfaction. The developer uses the domain esuit.dev, which suggests some level of professionalism. The extension's purpose - providing "unseen" functionality for Facebook - is clearly defined and matches its requested permissions.
The primary concern is the broad host permissions that grant access to Facebook's main domains and Messenger. While these permissions align with the extension's stated purpose, they provide significant access to sensitive social media data including private messages, posts, and personal information. The storage permission allows the extension to retain data locally, which could include sensitive Facebook content. The scripting permission enables code injection into Facebook pages, creating potential for data harvesting beyond the intended "unseen" functionality.
Consider running this extension in a separate Chrome profile dedicated to Facebook use to limit exposure of other browsing activities. Regularly review what data the extension might be storing locally. Monitor Facebook's activity logs for any unusual behavior. Since the extension modifies Facebook's read receipt functionality, be aware this could impact your social interactions. Only install if you specifically need the "unseen" feature and trust the developer with access to your Facebook data.
Findings
Security Analysis Details
Required Permissions:
- scripting
- storage
- declarativeNetRequest
Host Permissions:
- https://www.facebook.com/*
- https://web.facebook.com/*
- https://www.messenger.com/*
Embedded URLs (22 total):
| https://clients2.google.com/service/update2/crx | https://www.facebook.com/ | |
| https://web.facebook.com/ | https://www.messenger.com/ | |
| https://chromewebstore.google.com/detail/esuit-un-seen-for-faceboo/fgmiepijfchkhchobiopcemoajoedkkm | https://esuit.dev | |
| https://reactjs.org/docs/error-decoder.html?invariant= | http://www.w3.org/1999/xlink | |
| http://www.w3.org/XML/1998/namespace | http://www.w3.org/2000/svg | |
| http://www.w3.org/1998/Math/MathML | http://www.w3.org/1999/xhtml | |
| https://esuit.dev/RedirectingToFBPage.html | https://static-data.esuit.dev/index.json | |
| https://stats.esuit.dev/index.json | https://esuit.dev/ | |
| https://esuit.dev/extensions/ | https://esuit.dev/login? | |
| https://getusersubscription-57pphaecyq-uc.a.run.app/?token= | https://esuit.dev/pricing/ | |
| https://esuit.dev/dashboard | https://esuit-dev-sentry-6b0d6.web.app/api/sentry |
Raw Manifest
{ "name": "__MSG_name__", "icons": { "16": "src/assets/logo/favicon-16.png", "19": "src/assets/logo/favicon-19.png", "32": "src/assets/logo/favicon-32.png", "38": "src/assets/logo/favicon-38.png", "48": "src/assets/logo/favicon-48.png", "128": "src/assets/logo/favicon-128.png" }, "action": { "default_icon": "src/assets/logo/favicon-128.png", "default_popup": "src/pages/popup/index.html" }, "author": { "name": "William Chen", "email": "fbesuit@gmail.com" }, "version": "1.13.0", "incognito": "not_allowed", "background": { "type": "module", "service_worker": "service-worker-loader.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_description__", "permissions": [ "scripting", "storage", "declarativeNetRequest" ], "version_name": "1.13.0", "default_locale": "en", "host_permissions": [ "https://www.facebook.com/*", "https://web.facebook.com/*", "https://www.messenger.com/*" ], "manifest_version": 3, "minimum_chrome_version": "103", "web_accessible_resources": [ { "matches": [ "https://web.facebook.com/*", "https://www.facebook.com/*", "https://www.messenger.com/*" ], "resources": [ "*" ], "use_dynamic_url": false } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.