[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Secure Exam Proctor

Version 1.5.25080.34 View in Chrome Web Store

Last scanned: 8 months ago | force re-scan

Extension Details

Developer: proctorio.com

Rating: 1.1 ★ (5.7K ratings)

Size: 23.18MiB

Last Updated: April 25, 2025

Users: 4,000,000

Developer Info: Proctorio Inc.7340 East Main Street Scottsdale, AZ 85251 US

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

- The extension is developed by a reputable company (Proctorio Inc.) that provides exam proctoring services, which aligns with the extension's stated purpose.

- It has a large user base of 4 million users, suggesting widespread adoption and trust.

- However, the low rating of 1.1 out of 5 raises some concerns about user satisfaction and potential privacy/security issues.

Concerns:

- The extension requests an extensive list of permissions, many of which are considered high-risk and potentially unnecessary for an exam proctoring tool, such as clipboardWrite, webRequest, webNavigation, management, cookies, proxy, downloads, and privacy.

- The broad host permissions (<all_urls>) and the ability to execute unsafe WebAssembly code raise concerns about potential privacy violations and security risks.

- The large size of the extension (23.18 MiB) is unusual and may indicate the presence of additional functionality beyond what is disclosed.

Recommendations:

- Exercise caution when installing this extension, as it has access to a wide range of sensitive data and system resources.

- Consider running the extension in a separate browser profile or a sandboxed environment to isolate it from your main browsing activity.

- Review the extension's privacy policy and terms of service carefully to understand how your data may be collected and used.

- Monitor the extension's behavior and resource usage, and uninstall it if you notice any suspicious activity or performance issues.

- Provide feedback to the developer regarding the excessive permissions and low rating, and encourage them to adopt a more privacy-conscious approach.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: clipboardWrite

This extension has the clipboardWrite permission. Can modify clipboard content. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: cookies

This extension has the cookies permission. Can access and modify browser cookies. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: downloads

This extension has the downloads permission. Can download files and access download history. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: management

This extension has the management permission. Can manage other extensions. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: privacy

This extension has the privacy permission. Can modify privacy settings. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: proxy

This extension has the proxy permission. Can control proxy settings. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: webNavigation

This extension has the webNavigation permission. Can track your web navigation. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: webRequest

This extension has the webRequest permission. Can intercept and modify web requests. This could potentially be used maliciously to compromise security or privacy.

HIGH

Unsafe WebAssembly Execution

This extension's Content Security Policy allows 'wasm-unsafe-eval', which permits potentially dangerous WebAssembly code execution. This could be used to hide malicious code or perform CPU-intensive operations.

MEDIUM

Medium-Risk Permission: geolocation

This extension has the geolocation permission. Can access your location.

MEDIUM

Medium-Risk Permission: notifications

This extension has the notifications permission. Can show notifications.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

MEDIUM

Medium-Risk Permission: unlimitedStorage

This extension has the unlimitedStorage permission. Can store unlimited data locally.

Security Analysis Details

Required Permissions:

alarms
tabs
scripting
storage
unlimitedStorage
clipboardWrite
webRequest
declarativeNetRequest
webNavigation
management
browsingData
cookies
tts
geolocation
notifications
desktopCapture
proxy
system.cpu
system.memory
system.storage
system.display
downloads
power
tabCapture
privacy
offscreen
sidePanel

Optional Permissions:

downloads.open

Host Permissions:

ws://*/*
wss://*/*
<all_urls>

Content Security Policy:

extension_pages: script-src 'self' 'wasm-unsafe-eval'; object-src 'self';

Embedded URLs (254 total):

https://github.com/zloirock/core-js	https://github.com/Daninet/hash-wasm
http://usablica.github.io/intro.js/	https://openjsf.org/
https://github.com/jquery/jquery	https://github.com/lit/lit
https://github.com/pieroxy/lz-string	https://github.com/google-ai-edge/mediapipe
http://www.apache.org/licenses/LICENSE-2.0	https://github.com/mcollina/minimist
https://github.com/janl/mustache.js	http://opencv.org/license.html
https://github.com/webcomponents/custom-elements/tree/master	https://github.com/webcomponents/shadycss/tree/master
https://github.com/webcomponents/polyfills/tree/master/packages/webcomponentsjs	http://proctorio.zendesk.com/hc/articles/202911160
http://proctorio.zendesk.com/hc/articles/203076064	https://proctorio.zendesk.com/hc/articles/202384890
https://proctorio.zendesk.com/hc/articles/202164014	https://proctorio.zendesk.com/hc/articles/200287479
https://proctorio.zendesk.com/hc/articles/203165960	https://proctorio.zendesk.com/hc/articles/115000505932
https://proctorio.zendesk.com/hc/articles/203014064	https://proctorio.zendesk.com/hc/articles/204198197
https://proctorio.zendesk.com/hc/articles/202384390	https://proctorio.zendesk.com/hc/articles/204263178-Why-do-I-have-to-share-my-screen-with-Proctorio-
https://proctorio.zendesk.com/hc/articles/201147600	http://proctorio.zendesk.com/hc/articles/202881214
https://proctorio.zendesk.com/hc/articles/202111634	http://proctorio.zendesk.com/hc/articles/202883304
https://proctorio.zendesk.com/hc/articles/201147610	https://proctorio.zendesk.com/hc/articles/201147620
https://proctorio.zendesk.com/hc/articles/202259930	https://proctorio.zendesk.com/hc/articles/202659744
https://proctorio.zendesk.com/hc/articles/115000769972	https://proctorio.zendesk.com/hc/articles/200706535
https://proctorio.zendesk.com/hc/articles/202881214	http://chrome.blogspot.com/2015/11/updates-to-chrome-platform-support.html
https://proctorio.zendesk.com/hc/articles/200826404	https://proctorio.zendesk.com/hc/articles/204440037
https://proctorio.zendesk.com/hc/articles/216251457	https://proctorio.zendesk.com/hc/articles/203150140
https://proctorio.zendesk.com/hc/articles/4414095635853	https://proctorio.zendesk.com/hc/articles/205312568
https://proctorio.zendesk.com/hc/articles/206089927	https://proctorio.zendesk.com/hc/articles/203045034
http://proctorio.zendesk.com/hc/articles/202919260	http://proctorio.zendesk.com/hc/articles/200761954
http://proctorio.zendesk.com/hc/articles/200761964	https://proctorio.zendesk.com/hc/articles/203092698
https://proctorio.zendesk.com/hc/articles/200714395	https://proctorio.zendesk.com/hc/articles/
https://proctorio.zendesk.com/hc/articles/115000493711	https://support.google.com/chrome/answer/95414
https://proctoriostatus.com	https://proctorio.zendesk.com/hc/articles/115000760451
https://proctorio.zendesk.com/hc/articles/13569970444429-360-degree-view-of-the-exam-environment	https://proctorio.zendesk.com/hc/articles/13568378003341-Floor-Scan
https://proctorio.zendesk.com/hc/articles/13570212641165-Desk-Scan	https://proctorio.zendesk.com/hc/articles/13570462634381-Monitor-Scan
https://proctorio.zendesk.com/hc/articles/13568758290317-Ceiling-Scan	https://proctorio.zendesk.com/hc/articles/13569082799885-Under-the-Desk-Scan
https://proctorio.zendesk.com/hc/articles/13849725002765-Items-not-permitted-Notes	https://proctorio.zendesk.com/hc/articles/13572018967693-Items-not-permitted-Writing-utensils
https://proctorio.zendesk.com/hc/articles/13849490847117-Items-not-permitted-Books	https://proctorio.zendesk.com/hc/articles/13571069957133-Items-not-permitted-Food
https://proctorio.zendesk.com/hc/articles/13570968888333-Items-not-permitted-Drinks	https://proctorio.zendesk.com/hc/articles/13849597473549-Items-not-permitted-Calculators
https://proctorio.zendesk.com/hc/articles/13849664544013-Items-not-permitted-Mobile-devices	https://proctorio.zendesk.com/hc/articles/13849688073357-Items-not-permitted-Smoking
https://proctorio.zendesk.com/hc/articles/13570633246349-Items-not-permitted-Public-testing-area	https://proctorio.zendesk.com/hc/articles/360042737011
https://proctorio.zendesk.com/hc/articles/29892925399053	https://proctorio.com/about/privacy
https://proctorio.zendesk.com/hc/articles/210102628	https://proctorio.zendesk.com/hc/articles/9209847334157-Record-Environment
https://proctorio.zendesk.com/hc/articles/360002439311	https://proctorio.zendesk.com/hc/articles/202112044-Why-does-Proctorio-set-a-password-on-the-exam
https://cdn.proctorio.com/media/de/bedingungen.pdf	https://cdn.proctorio.com/media/de/datenschutzinformation.pdf

Page 1 of 4

Raw Manifest

{
  "name": "__MSG_extension_title__",
  "icons": {
    "16": "webassets/proctor--v3-16.png",
    "48": "webassets/proctor--v3-48.png",
    "128": "webassets/proctor--v3-128.png",
    "300": "webassets/proctor--v3-300.png"
  },
  "action": {
    "default_icon": "webassets/proctor--v3-128.png",
    "default_popup": "assets/GEVb.html",
    "default_title": "__MSG_extension_title__"
  },
  "version": "1.5.25080.34",
  "background": {
    "service_worker": "/assets/Js2Q.js"
  },
  "side_panel": {
    "default_path": "assets/sidepanel.html",
    "openPanelOnActionClick": false
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "__MSG_extension_description__",
  "permissions": [
    "alarms",
    "tabs",
    "scripting",
    "storage",
    "unlimitedStorage",
    "clipboardWrite",
    "webRequest",
    "declarativeNetRequest",
    "webNavigation",
    "management",
    "browsingData",
    "cookies",
    "tts",
    "geolocation",
    "notifications",
    "desktopCapture",
    "proxy",
    "system.cpu",
    "system.memory",
    "system.storage",
    "system.display",
    "downloads",
    "power",
    "tabCapture",
    "privacy",
    "offscreen",
    "sidePanel"
  ],
  "devtools_page": "assets/YrEf.html",
  "default_locale": "en",
  "host_permissions": [
    "ws://*/*",
    "wss://*/*",
    "<all_urls>"
  ],
  "manifest_version": 3,
  "optional_permissions": [
    "downloads.open"
  ],
  "minimum_chrome_version": "109",
  "content_security_policy": {
    "extension_pages": "script-src 'self' 'wasm-unsafe-eval'; object-src 'self';"
  },
  "declarative_net_request": {
    "rule_resources": [
      {
        "id": "ruleset_1",
        "path": "webassets/blocking.json",
        "enabled": true
      }
    ]
  },
  "web_accessible_resources": [
    {
      "matches": [
        "<all_urls>"
      ],
      "resources": [
        "assets/eb3b642.js",
        "webassets/*.woff",
        "webassets/*.svg",
        "webassets/*.gif",
        "webassets/*.webp",
        "webassets/*.png",
        "webassets/*.html",
        "webassets/*.css",
        "webassets/*.xml",
        "webassets/*.json",
        "assets/helpers/*.js"
      ]
    }
  ]
}

by ✦ Astarte

Secure Exam Proctor

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Optional Permissions:

Host Permissions:

Content Security Policy:

Embedded URLs (254 total):

Raw Manifest

Detections

Manifest Findings