[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

SoundCloud Enhanced Pro

Version 2.5.0 View in Chrome Web Store

Last scanned: about 2 hours ago

Extension Details

Rating: 4.0 ★ (31 ratings)

Users: 6,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has a modest user base of 6,000 users with a decent 4.0-star rating from 31 reviews, suggesting some level of user satisfaction. However, the lack of clear developer information and company details raises transparency concerns. The extension targets SoundCloud enhancement, which is a legitimate use case, but the implementation raises several red flags.

Concerns:

The most significant concern is the inclusion of suspicious third-party domains (sd.theany.ir and unifybrowse.com) in both host permissions and CSP, which have no apparent connection to SoundCloud functionality. These Iranian and generic domains could potentially be used for data exfiltration or malicious redirects. The downloads permission, while potentially useful for downloading SoundCloud tracks, creates opportunities for unauthorized file downloads. The broad host permissions extending beyond core SoundCloud domains (soundcloud.com, sndcdn.com) to include soundcloud.cloud and the suspicious third-party sites significantly expand the attack surface.

Recommendations:

Consider running this extension in a separate Chrome profile to isolate potential risks from your main browsing session. Monitor your download folder for any unexpected files. Be cautious about logging into sensitive accounts while this extension is active. Consider alternative SoundCloud enhancement extensions from more established developers with clearer permission scopes. If you must use this extension, regularly review your download history and network activity for suspicious behavior.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: downloads

This extension has the downloads permission. Can download files and access download history. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Security Analysis Details

Required Permissions:

activeTab
storage
downloads

Host Permissions:

*://*.soundcloud.com/*
*://*.sndcdn.com/*
*://*.soundcloud.cloud/*
*://sd.theany.ir/*
https://unifybrowse.com/*
https://sd.theany.ir/*

Content Security Policy:

extension_pages: script-src 'self'; object-src 'self'; connect-src 'self' https://soundcloud.com https://*.soundcloud.com https://*.sndcdn.com https://*.soundcloud.cloud https://sd.theany.ir https://unifybrowse.com https://sd.theany.ir

Embedded URLs (13 total):

https://sd.theany.ir	https://unifybrowse.com
https://clients2.google.com/service/update2/crx	https://unifybrowse.com/
https://sd.theany.ir/	https://soundcloud.com
https://react.dev/errors/	http://www.w3.org/2000/svg
http://www.w3.org/1998/Math/MathML	http://www.w3.org/1999/xlink
http://www.w3.org/XML/1998/namespace	https://chromewebstore.google.com/detail/soundcloud-enhanced-pro-%E2%80%93/ggplcohodggmdfpopelnpplhgfjclomi
https://buymeacoffee.com/unifybrowse

Raw Manifest

{
  "name": "__MSG_appName__",
  "icons": {
    "16": "icons/16.png",
    "32": "icons/32.png",
    "48": "icons/48.png",
    "128": "icons/128.png"
  },
  "action": {
    "default_popup": "popup.html",
    "default_title": "SoundCloud Enhanced Pro"
  },
  "version": "2.5.0",
  "commands": {
    "_execute_action": {
      "description": "Open SoundCloud Enhanced Pro",
      "suggested_key": {
        "mac": "Command+Shift+S",
        "default": "Ctrl+Shift+S"
      }
    }
  },
  "background": {
    "service_worker": "background.js"
  },
  "short_name": "SC Enhanced",
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "__MSG_appDescription__",
  "permissions": [
    "activeTab",
    "storage",
    "downloads"
  ],
  "default_locale": "en",
  "host_permissions": [
    "*://*.soundcloud.com/*",
    "*://*.sndcdn.com/*",
    "*://*.soundcloud.cloud/*",
    "*://sd.theany.ir/*",
    "https://unifybrowse.com/*",
    "https://sd.theany.ir/*"
  ],
  "manifest_version": 3,
  "externally_connectable": {
    "matches": [
      "*://soundcloud.com/*"
    ]
  },
  "minimum_chrome_version": "88",
  "content_security_policy": {
    "extension_pages": "script-src 'self'; object-src 'self'; connect-src 'self' https://soundcloud.com https://*.soundcloud.com https://*.sndcdn.com https://*.soundcloud.cloud https://sd.theany.ir https://unifybrowse.com https://sd.theany.ir"
  },
  "web_accessible_resources": [
    {
      "matches": [
        "*://soundcloud.com/*"
      ],
      "resources": [
        "content-scripts/*",
        "assets/icons/*"
      ]
    }
  ]
}

by ✦ Astarte

SoundCloud Enhanced Pro

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Content Security Policy:

Embedded URLs (13 total):

Raw Manifest

Detections

Manifest Findings