[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

KB SSL Enforcer

Version 2.0.5 View in Chrome Web Store

Last scanned: about 6 hours ago

Extension Details

Developer: https://kbit.dk/

Rating: 4.2 ★ (289 ratings)

Users: 10,000

Context-Aware Verdict

CRITICAL

Overall Risk

Trust Factors: The extension has a moderate user base of 10,000 users and a decent rating of 4.2 stars from 289 reviews, which suggests some level of user satisfaction. However, the developer information is minimal, with only a website link provided (kbit.dk), making it difficult to assess the company's reputation or track record. The lack of detailed developer information and the use of outdated Manifest V2 raises some trust concerns.

Concerns: The extension's permission set is extremely powerful and potentially dangerous for what appears to be an SSL enforcement tool. The combination of webRequest, webRequestBlocking, and tabs permissions gives this extension complete control over all web traffic and browser tabs. The broad host permission (*://*/*) means it can intercept and modify requests to any website. While SSL enforcement is a legitimate security function, these permissions could easily be abused to steal credentials, inject malicious content, or redirect users to phishing sites. The use of Manifest V2 also means fewer security safeguards are in place.

Recommendations: Given the critical risk level, only install this extension if you absolutely trust the developer and need SSL enforcement functionality. Consider running it in a completely separate Chrome profile to isolate potential damage. Monitor your network traffic when using this extension and regularly review what websites you visit while it's active. Look for alternative SSL enforcement extensions that use Manifest V3 and have more transparent developers with established reputations.

Findings

HIGH

Dangerous Permission Combination: webRequest + webRequestBlocking

This extension can intercept, modify, and block web requests in real-time. This combination could be used to modify sensitive web traffic or steal data.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: webRequest

This extension has the webRequest permission. Can intercept and modify web requests. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: webRequestBlocking

This extension has the webRequestBlocking permission. Can block and modify web requests in real-time. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Older Manifest Version

This extension uses Manifest Version 2, which has fewer security restrictions than Manifest V3. Consider using extensions that have upgraded to V3.

Raw Manifest

{
  "name": "KB SSL Enforcer",
  "icons": {
    "128": "icon.png"
  },
  "version": "2.0.5",
  "background": {
    "scripts": [
      "background.js"
    ]
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Automatic security, browse encrypted.",
  "permissions": [
    "*://*/",
    "tabs",
    "webRequest",
    "webRequestBlocking"
  ],
  "options_page": "options.html",
  "browser_action": {
    "default_icon": "icon19.png",
    "default_popup": "popup.html",
    "default_title": "KB SSL Enforcer"
  },
  "manifest_version": 2,
  "minimum_chrome_version": "17"
}

by ✦ Astarte

KB SSL Enforcer

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Embedded URLs (4 total):

Raw Manifest

Detections

Manifest Findings

https://code.google.com/p/chromium/issues/detail?id=105656	https://clients2.google.com/service/update2/crx
https://code.google.com/p/kbsslenforcer/	https://kbit.dk