Broom Cookie Cleaner & Cookie Editor
Version 5.1.0 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has a relatively small user base of only 2,000 users, which limits community validation. While it maintains a decent 4.3-star rating from 22 reviews, this sample size is quite small for meaningful assessment. The extension appears to be from an independent developer rather than an established company, and the website broomcookiecleaner.com provides limited information about the developer's credentials or track record.
The extension requests an excessive number of high-risk permissions that far exceed what's necessary for basic cookie management. The combination of cookies, history, privacy, and tabs permissions creates a powerful surveillance toolkit. The broad host permissions (*://*/*) and content script injection across all websites means this extension can monitor and manipulate your entire browsing experience. The privacy permission is particularly concerning as it can modify browser security settings. The history permission allows complete browsing activity tracking, which is unnecessary for cookie cleaning functionality.
Given the critical risk level, avoid installing this extension on your primary browser profile. If you must use it, create a dedicated Chrome profile with minimal sensitive data and use it only for testing purposes. Consider well-established alternatives like built-in browser cookie management tools or extensions from reputable developers with larger user bases and transparent privacy policies. The extensive permissions requested suggest potential overreach beyond legitimate cookie management functionality.
Findings
Security Analysis Details
Required Permissions:
- cookies
- history
- browsingData
- storage
- alarms
- tabs
- idle
- notifications
- privacy
Host Permissions:
- *://*/*
Embedded URLs (26 total):
| https://angular.dev/license | http://www.apache.org/licenses/ | |
| http://www.apache.org/licenses/LICENSE-2.0 | https://angular.io/license | |
| https://app.broomcookiecleaner.com | https://fonts.gstatic.com | |
| https://fonts.gstatic.com/s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3GUBGEe.woff2 | https://fonts.gstatic.com/s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2 | |
| https://fonts.gstatic.com/s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3CUBGEe.woff2 | https://fonts.gstatic.com/s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3-UBGEe.woff2 | |
| https://fonts.gstatic.com/s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMawCUBGEe.woff2 | https://fonts.gstatic.com/s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMaxKUBGEe.woff2 | |
| https://fonts.gstatic.com/s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3OUBGEe.woff2 | https://fonts.gstatic.com/s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3KUBGEe.woff2 | |
| https://fonts.gstatic.com/s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 | https://fonts.gstatic.com/s/materialicons/v145/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2 | |
| https://angular.dev/best-practices/security#preventing-cross-site-scripting-xss | http://www.w3.org/2000/svg | |
| http://www.w3.org/1999/xhtml | http://www.w3.org/1999/xlink | |
| http://www.w3.org/XML/1998/namespace | http://www.w3.org/2000/xmlns/ | |
| http://www.w3.org/1998/Math/MathML | https://www.google.com/s2/favicons?domain= | |
| https://www.broomcookiecleaner.com/dashboard/profiles | https://clients2.google.com/service/update2/crx |
Raw Manifest
{ "name": "__MSG_appName__", "icons": { "16": "icons/broom_16.png", "24": "icons/broom_24.png", "32": "icons/broom_32.png", "64": "icons/broom_64.png", "128": "icons/broom_128.png" }, "action": { "default_icon": { "16": "icons/broom_16.png", "24": "icons/broom_24.png", "32": "icons/broom_32.png", "64": "icons/broom_64.png", "128": "icons/broom_128.png" }, "default_popup": "index.html", "default_title": "Broom" }, "version": "5.1.0", "background": { "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_appDesc__", "permissions": [ "cookies", "history", "browsingData", "storage", "alarms", "tabs", "idle", "notifications", "privacy" ], "default_locale": "en", "content_scripts": [ { "js": [ "content.js" ], "run_at": "document_start", "matches": [ "<all_urls>" ] } ], "host_permissions": [ "*://*/*" ], "manifest_version": 3 }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.