Extension Details
Context-Aware Verdict
The extension has a concerning trust profile with several red flags. While it has 200,000 users suggesting some adoption, it has only 1 rating review which is highly unusual for an extension with that user base. The perfect 5.0 rating from a single review raises authenticity concerns. The lack of clear author and developer information creates additional transparency issues. The name "Janus Health Teleport v3" suggests healthcare-related functionality, but without proper developer identification, this cannot be verified.
The permission set is extremely aggressive and largely unnecessary for typical healthcare applications. The debugger permission is particularly alarming as it allows manipulation of other extensions and browser debugging capabilities. The management permission enables control over other installed extensions, creating potential for malicious interference. Combined with broad host permissions covering all websites, this extension has unprecedented access to user data, browsing activity, and system control. The cookies permission alongside these other capabilities creates a perfect storm for data harvesting and privacy violations.
Do not install this extension given the critical risk level. If absolutely necessary for healthcare workflows, run it in a completely isolated Chrome profile with no other extensions or sensitive data. Contact your IT security team before installation. Consider alternative healthcare tools with more reasonable permission requirements and verified developer credentials. The combination of excessive permissions and questionable trust indicators makes this extension unsuitable for environments containing sensitive information.
Findings
Security Analysis Details
Required Permissions:
- cookies
- debugger
- management
- scripting
- storage
- tabs
Host Permissions:
- https://*/*
Embedded URLs (10 total):
| https://reactjs.org/docs/error-decoder.html?invariant= | http://www.w3.org/1999/xlink | |
| http://www.w3.org/XML/1998/namespace | http://www.w3.org/2000/svg | |
| http://www.w3.org/1998/Math/MathML | http://www.w3.org/1999/xhtml | |
| https://github.com/date-fns/date-fns/blob/master/docs/upgradeGuide.md#string-arguments | https://app.janus-ai.com | |
| https://dev.janus-ai.com | https://clients2.google.com/service/update2/crx |
Raw Manifest
{ "name": "Janus Health Teleport v3", "icons": { "16": "janusIcon16.png", "32": "janusIcon32.png", "48": "janusIcon48.png", "128": "janusIcon128.png" }, "action": { "default_popup": "index.html" }, "version": "3.21.1", "background": { "type": "module", "service_worker": "service-worker-loader.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "The Janus Teleport extension automates the time-consuming process of logging in and navigating healthcare payer websites.", "permissions": [ "cookies", "debugger", "management", "scripting", "storage", "tabs" ], "content_scripts": [ { "js": [ "assets/content-script-loader.enable-teleport.ts-1d48ddc4-7634034a.js" ], "matches": [ "https://*.janus-ai.com/*" ] }, { "js": [ "assets/content-script-loader.main.tsx-16eccb7d-38364bde.js" ], "css": [ "assets/main-45ef2ab0.css" ], "matches": [ "https://*/*" ] } ], "host_permissions": [ "https://*/*" ], "manifest_version": 3, "externally_connectable": { "matches": [ "https://*.janus-ai.com/*" ] }, "web_accessible_resources": [ { "matches": [ "https://*.janus-ai.com/*" ], "resources": [ "assets/enable-teleport.ts-1d48ddc4.js" ], "use_dynamic_url": false }, { "matches": [ "https://*/*" ], "resources": [ "assets/client-b9663c10.js", "assets/_commonjsHelpers-de833af9.js", "assets/main.tsx-16eccb7d.js" ], "use_dynamic_url": false } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.