[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Onion Browser Button

Version 0.2.6 View in Chrome Web Store

Last scanned: about 8 hours ago

Extension Details

Rating: 3.5 ★ (46 ratings)

Users: 10,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has a moderate user base of 10,000 users but shows concerning trust indicators. With only 46 ratings and a mediocre 3.5-star rating, user satisfaction appears limited. The lack of clear author and developer information raises transparency concerns, making it difficult to assess the publisher's credibility or track record.

Concerns:

The proxy permission is particularly concerning for a browser button extension, as it allows complete control over network traffic routing. This level of access seems excessive for what should be a simple interface tool. The host permissions to check.torproject.org, while seemingly legitimate for Tor-related functionality, combined with proxy control creates a powerful combination that could redirect all browsing traffic. The storage and notifications permissions, while less critical, add to the overall permission footprint without clear justification for a basic browser button.

Recommendations:

Given the high-risk proxy permission and unclear developer identity, consider running this extension in a separate Chrome profile to isolate potential security risks. Before installation, verify the extension's actual functionality matches its description and monitor network traffic for unexpected proxy changes. Alternative Tor browser solutions with better transparency and security track records should be considered. If you must use this extension, regularly audit your proxy settings and be cautious about sensitive browsing activities while it's active.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: proxy

This extension has the proxy permission. Can control proxy settings. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: notifications

This extension has the notifications permission. Can show notifications.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Raw Manifest

{
  "name": "Onion Browser Button",
  "icons": {
    "16": "data/icons/16.png",
    "32": "data/icons/32.png",
    "48": "data/icons/48.png",
    "64": "data/icons/64.png",
    "128": "data/icons/128.png"
  },
  "action": {
    "default_icon": {
      "16": "data/icons/16.png",
      "32": "data/icons/32.png",
      "48": "data/icons/48.png",
      "64": "data/icons/64.png"
    },
    "default_popup": "data/popup/popup.html",
    "default_title": "Onion Browser Button"
  },
  "version": "0.2.6",
  "commands": {
    "_execute_action": {}
  },
  "background": {
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Easily browse the internet using TOR proxy with just one click!",
  "permissions": [
    "proxy",
    "storage",
    "notifications"
  ],
  "homepage_url": "https://mybrowseraddon.com/tor-button.html",
  "host_permissions": [
    "https://check.torproject.org/*"
  ],
  "manifest_version": 3
}

by ✦ Astarte

Onion Browser Button

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (5 total):

Raw Manifest

Detections

Manifest Findings

https://check.torproject.org/	https://webbrowsertools.com/ip-address/
https://github.com/jeremy-jr-benthum/onion-browser-button/releases	https://clients2.google.com/service/update2/crx
https://mybrowseraddon.com/tor-button.html