CRXaminer

Kaspersky Protection 17.0

Version 5.0.141.5

Last scanned: about 5 hours ago

Extension Details

Rating: 3.7 ★ (250 ratings)
Users: 60,000

Context-Aware Verdict

Overall Risk: MEDIUM

Trust Factors:

Kaspersky is a well-established cybersecurity company with a strong reputation in the antivirus and security software industry. The extension has 60,000 users, indicating reasonable adoption, though the 3.7-star rating from 250 reviews suggests mixed user experiences. The connection to Kaspersky's official infrastructure (scr.kaspersky-labs.com) in the CSP indicates legitimate integration with their security services.

Concerns:

The most significant concern is the use of 'unsafe-eval' in the Content Security Policy, which creates a substantial attack vector for malicious code execution. This is particularly concerning for a security extension that should maintain the highest security standards. The extension uses the older Manifest V2, which lacks the enhanced security protections of V3. The nativeMessaging permission allows communication with native applications on your system, which could be exploited if the extension is compromised. Content scripts running on all HTTP/HTTPS sites provide broad access to web page content.

Recommendations:

Given this is a security extension from a reputable company, the risk is somewhat mitigated by Kaspersky's reputation. However, allowing 'unsafe-eval' in the Content Security Policy is concerning for any security tool. Consider running this extension in a separate Chrome profile to isolate potential risks. Monitor for updates that remove 'unsafe-eval' and migrate the extension to Manifest V3. Alternatively, evaluate newer security extensions that use more restrictive security policies while providing similar protection features.

Findings

HIGH: Unsafe JavaScript Evaluation
This extension's Content Security Policy allows 'unsafe-eval', which permits dynamic JavaScript code execution using eval() and similar functions. This is a significant security risk as it could allow execution of malicious code.

MEDIUM: Medium-Risk Permission: storage
This extension has the storage permission, which lets it store data locally.

MEDIUM: Older Manifest Version
This extension uses Manifest Version 2, which has fewer security restrictions than Manifest V3. Consider using extensions that have upgraded to V3.