CRXaminer

Bizfly Chatbot AI

Version 3.4.2

Last scanned: 2 days ago

Extension Details

Developer: https://bizfly.vn/
Rating: 5.0 ★ (1 rating)
Users: 628

Context-Aware Verdict

Overall Risk: HIGH
Trust Factors:

The extension has very limited adoption with only 628 users and a single 5-star rating, making it difficult to assess reliability through user feedback. The developer appears to be associated with Bizfly.vn, a Vietnamese cloud service provider, which provides some legitimacy. However, the extremely low user base and minimal review history raise questions about the extension's maturity and trustworthiness.

Concerns:

The extension exhibits several concerning security patterns. The broad content script injection capability across all URLs is particularly alarming for a chatbot AI tool, as this level of access far exceeds what would typically be necessary for its stated functionality. The combination of Facebook access permissions with universal website access creates potential privacy risks, especially given the extension's ability to store data locally. The declarativeNetRequest permission adds another layer of concern, as it could potentially be used to modify or intercept network requests.

Recommendations:

Given the high-risk profile, consider running this extension in a separate Chrome profile to isolate potential security impacts. Before installation, verify the legitimacy of Bizfly.vn and ensure you specifically need chatbot functionality that requires such broad permissions. Monitor the extension's behavior closely and consider alternatives with more restrictive permissions. The low user adoption suggests waiting for broader community validation before trusting this extension with sensitive browsing activities.

Findings

HIGH: Broad Content Script Injection
This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

HIGH: Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

MEDIUM: Access to Sensitive Domains
This extension requests access to sensitive domains: *://*.facebook.com/, *://translate-pa.googleapis.com/. Ensure you trust this extension with access to these sites.

MEDIUM: Medium-Risk Permission: storage
This extension has the storage permission, which allows it to store data locally.