Extension Details
Context-Aware Verdict
The extension has a moderate user base of 50,000 users and a decent rating of 4.2/5 from 77 reviews, suggesting reasonable user satisfaction. However, the lack of developer information and missing description raises transparency concerns. The extension appears to be specifically designed for Codeforces, a competitive programming platform, which is a legitimate use case.
The primary concern is the broad host permissions for all Codeforces domains (*://*.codeforces.com/*), which could potentially access sensitive user data across the entire platform including login credentials, contest submissions, and personal information. The unlimited storage permission combined with regular storage access allows the extension to collect and store substantial amounts of user data indefinitely. The missing extension description makes it difficult to verify if these permissions are justified for the stated functionality.
Consider running this extension in a separate Chrome profile dedicated to competitive programming activities to isolate potential risks from your main browsing profile. Before installation, research the extension's actual functionality through user reviews or community forums to ensure the permissions align with its purpose. Monitor the extension's behavior and consider alternatives with more transparent developer information and clearer permission justifications. Given the specific domain targeting, the risk is somewhat contained to Codeforces usage rather than general web browsing.
Findings
Security Analysis Details
Required Permissions:
- storage
- unlimitedStorage
Host Permissions:
- *://*.codeforces.com/*
Embedded URLs (10 total):
| http://www.w3.org/2000/svg | https://github.com/cheran-senthil/TLE/blob/master/tle/util/ranklist/rating_calculator.py | |
| https://github.com/algmyr | https://codeforces.com/contest/1/submission/13861109. | |
| https://codeforces.com/profile/ffao | https://codeforces.com/blog/entry/110477 | |
| https://github.com/mozilla/webextension-polyfill | http://mozilla.org/MPL/2.0/. | |
| https://github.com/meooow25/carrot/issues/31 | https://clients2.google.com/service/update2/crx |
Raw Manifest
{ "name": "Carrot", "icons": { "16": "icons/icon16.png", "32": "icons/icon32.png", "48": "icons/icon48.png", "128": "icons/icon128.png" }, "action": { "default_icon": "icons/icon128.png", "default_popup": "src/popup/popup.html", "default_title": "Carrot" }, "version": "0.6.8", "background": { "type": "module", "service_worker": "src/background/background.js" }, "options_ui": { "page": "src/options/options.html" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Rating predictor for Codeforces", "permissions": [ "storage", "unlimitedStorage" ], "content_scripts": [ { "js": [ "polyfill/browser-polyfill.min.js", "src/content/content.js" ], "css": [ "src/content/content.css" ], "matches": [ "*://*.codeforces.com/*" ] } ], "host_permissions": [ "*://*.codeforces.com/*" ], "manifest_version": 3 }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.