Extension Details
Context-Aware Verdict
The extension has a perfect 5.0 rating but with only 6 reviews, which is insufficient to establish credibility. With 4,000 users, it has moderate adoption but lacks transparency regarding the developer identity and company information. The BrightEdge brand is associated with legitimate SEO enterprise software, which provides some context for the extensive permissions, but the missing developer details raise concerns about authenticity.
The extension requests an extremely broad set of permissions that essentially grants complete control over your browsing experience. The combination of webRequest and webRequestBlocking permissions allows real-time interception and modification of all web traffic. The <all_urls> permission provides access to every website you visit, while cookies permission enables access to sensitive authentication data. The webNavigation permission allows comprehensive tracking of your browsing patterns. These permissions far exceed what most SEO tools require and create significant privacy and security vulnerabilities.
Given the critical risk level, avoid installing this extension on your primary browser profile. If you must use it for legitimate SEO work, create a dedicated Chrome profile with minimal personal data and use it only for specific SEO tasks. Verify the extension's authenticity through BrightEdge's official website before installation. Consider alternative SEO tools with more limited permissions. Monitor your network traffic and browser behavior closely if you choose to proceed with installation.
Findings
Security Analysis Details
Required Permissions:
- activeTab
- scripting
- cookies
- storage
- webNavigation
- webRequest
- webRequestBlocking
- <all_urls>
Host Permissions:
- https://*.brightedge.com/*
- http://*/*
- https://*/*
Embedded URLs (52 total):
| https://clients2.google.com/service/update2/crx | http://fb.me/use-check-prop-types | |
| https://bugs.webkit.org/show_bug.cgi?id=68196 | https://mui.com/r/x-license-key-installation. | |
| https://mui.com/r/x-get-license?scope=premium. | https://mui.com/r/x-license-trial. | |
| https://mui.com/r/x-get-license | https://mui.com/r/x-license-annual | |
| http://mui.com/components/data-grid/pagination/#basic-implementation | http://mui.com/components/data-grid/editing/#server-side-persistence. | |
| https://mui.com/r/x-data-grid-no-dimensions. | http://www.w3.org/2000/svg | |
| https://www.staging.brightedge.com/reset-password | https://github.com/date-fns/date-fns/blob/master/docs/unicodeTokens.md | |
| https://app-be.s3.us-east-2.amazonaws.com | https://app-test-be.s3.us-east-2.amazonaws.com | |
| https://schema.org | http://schema.org/WebSite | |
| http://schema.org/ListItem | http://www.w3.org/1999/xlink | |
| https://www.googleapis.com/pagespeedonline/v5/runPagespeed?url= | https://validator.schema.org/#url= | |
| https://search.google.com/test/rich-results?url= | https://passets.brightedge.com/fonts/roboto-graphene/Roboto-Thin.ttf | |
| https://passets.brightedge.com/fonts/roboto-graphene/Roboto-Light.ttf | https://passets.brightedge.com/fonts/roboto-graphene/Roboto-Regular.ttf | |
| https://passets.brightedge.com/fonts/roboto-graphene/Roboto-Medium.ttf | https://passets.brightedge.com/fonts/roboto-graphene/Roboto-Bold.ttf | |
| https://passets.brightedge.com/fonts/roboto-graphene/Roboto-Black.ttf | https://reactjs.org/docs/error-decoder.html?invariant= | |
| https://github.com/uuidjs/uuid#getrandomvalues-not-supported | https://lodash.com/ | |
| https://openjsf.org/ | https://lodash.com/license | |
| http://underscorejs.org/LICENSE | https://npms.io/search?q=ponyfill. | |
| https://a.com | http://www.w3.org/XML/1998/namespace | |
| http://www.w3.org/1999/xhtml | http://www.w3.org/1998/Math/MathML | |
| https://ui-api.staging.brightedge.com | https://ui-api.brightedge.com | |
| https://api2.staging.brightedge.com | https://api.brightedge.com | |
| https://mui.com/production-error/?code= | https://api.locize.app/ | |
| https://api.locize.app/private/ | https://api.locize.app/languages/ | |
| https://api.locize.app/missing/ | https://api.locize.app/update/ | |
| https://docs.locize.com/guides-tips-and-tricks/going-production | https://chromewebstore.google.com/detail/brightedge-seo/gehmjadkhbmialfhlopigngppipkkdef |
Raw Manifest
{ "name": "BrightEdge SEO", "action": { "default_icon": { "128": "favicon-128.png" }, "default_title": "BrightEdge Chrome Extension" }, "version": "0.0.48.0", "background": { "type": "module", "service_worker": "service-worker-loader.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "permissions": [ "activeTab", "scripting", "cookies", "storage", "webNavigation", "webRequest", "webRequestBlocking", "<all_urls>" ], "version_name": "0.0.48", "browser_action": {}, "host_permissions": [ "https://*.brightedge.com/*", "http://*/*", "https://*/*" ], "manifest_version": 3, "web_accessible_resources": [ { "matches": [ "http://*/*", "https://*/*" ], "resources": [ "assets/popup.2ca9262a.js", "assets/popup.a4ea8e47.css", "assets/publish.47b9a58a.js", "assets/dom_stuff.b215bbec.js" ], "use_dynamic_url": false } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.