[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Starting analysis...

Blocksi Enterprise Edition

Version 4.3.23 View in Chrome Web Store

Last scanned: 24 days ago | force re-scan

Extension Details

Developer: blocksi.net

Rating: 1.2 ★ (946 ratings)

Users: 2,000,000

Context-Aware Verdict

CRITICAL

Overall Risk

Trust Factors:

The extension has 2 million users, indicating widespread deployment, likely in educational or corporate environments given the "Enterprise Edition" name. However, the extremely low rating of 1.2 out of 5 stars from nearly 1,000 reviews is a major red flag, suggesting significant user dissatisfaction. The developer appears to be blocksi.net, which positions itself as a web filtering service, providing some legitimacy to the extensive permissions.

Concerns:

This extension has an exceptionally broad and invasive permission set that goes far beyond typical web filtering needs. The combination of webRequest, webRequestBlocking, and all_urls permissions creates a powerful surveillance and control mechanism. The ability to access browsing history, bookmarks, identity information, geolocation, and manage other extensions represents comprehensive system control. The enterprise.deviceAttributes permission suggests corporate deployment capabilities. Most concerning is the dangerous combination of permissions that could intercept, modify, and block all web traffic while accessing sensitive personal data.

Recommendations:

Given the critical risk level, avoid installing this extension on personal devices. If required by an organization, run it in a completely isolated Chrome profile with no personal browsing activity. Be aware that this extension can monitor and control virtually all browser activity. Organizations should carefully evaluate whether such extensive monitoring capabilities align with their privacy policies and employee rights. Consider alternative web filtering solutions with more limited permission sets if possible.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

Dangerous Permission Combination: webRequest + webRequestBlocking

This extension can intercept, modify, and block web requests in real-time. This combination could be used to modify sensitive web traffic or steal data.

HIGH

High-Risk Permission: bookmarks

This extension has the bookmarks permission. Can access and modify bookmarks. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: history

This extension has the history permission. Can access your browsing history. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: identity

This extension has the identity permission. Can access your identity information. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: management

This extension has the management permission. Can manage other extensions. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: webNavigation

This extension has the webNavigation permission. Can track your web navigation. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: webRequest

This extension has the webRequest permission. Can intercept and modify web requests. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: webRequestBlocking

This extension has the webRequestBlocking permission. Can block and modify web requests in real-time. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Medium-Risk Permission: geolocation

This extension has the geolocation permission. Can access your location.

MEDIUM

Medium-Risk Permission: notifications

This extension has the notifications permission. Can show notifications.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Security Analysis Details

Required Permissions:

tabs
activeTab
storage
webRequest
identity
identity.email
alarms
nativeMessaging
webNavigation
management
geolocation
history
offscreen
webRequestBlocking
idle
notifications
enterprise.deviceAttributes
bookmarks
tabGroups

Host Permissions:

<all_urls>

Embedded URLs (60 total):

https://docs.datadoghq.com	https://www.datadoghq-browser-agent.com
https://www.datad0g-browser-agent.com	https://d3uc069fcn7uxw.cloudfront.net
https://d20xtzwzcl0ceb.cloudfront.net	https://aomediacodec.github.io/av1-rtp-spec/#dependency-descriptor-rtp-header-extension
https://feross.org	https://mths.be/utf8js
https://feross.org/opensource	https://vuejs.org/error-reference/#runtime-
http://www.w3.org/2000/svg	http://www.w3.org/1998/Math/MathML
http://www.w3.org/1999/xlink	https://github.com/infinitered/nsfwjs?tab=readme-ov-file#browserify
https://github.com/infinitered/nsfwjs?tab=readme-ov-file#host-your-own-model	https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API
https://github.com/tensorflow/tfjs/issues	https://github.com/tensorflow/tfjs-node
https://www.shadertoy.com/view/4djSRW	https://github.com/tensorflow/tfjs/issues/1735
https://github.com/tensorflow/tfjs/issues/5447	https://arxiv.org/abs/1706.02515
http://www.apache.org/licenses/LICENSE-2.0	https://opensource.org/licenses/MIT.
https://www.apache.org/licenses/LICENSE-2.0	https://fonts.googleapis.com/css?family=Open+Sans
https://service.blocksi.net/config	https://service1.blocksi.net
https://api.blocksi.net/api/2.0	https://google.com/webfilter
https://api.blocksi.net/v2/url-classifier-llm	https://www.youtube.com/
https://m.youtube.com/	https://youtubei.googleapis.com/
https://youtube.googleapis.com/	https://www.youtube-nocookie.com/
https://gmail.com	https://log.blocksi.net/v1/sendLog
https://service.blocksi.net/location?	https://www.youtube.com/watch?v=UxHtzcD5w4M
https://www.youtube.com/watch?v=91kMzHkPr38	https://www.youtube.com/shorts/Jk0DlpytLi0
https://www.youtube.com/watch?v=K1bqOLECS98	https://api.ipify.org
http://ip-api.com/json/?fields=query	https://capportal.blocksi.net/register
https://api2.blocksi.net/my-ip	https://log.blocksi.net/v1/screenshotUploadUrl
https://log.blocksi.net/v1/metrics	http://127.0.0.1:9432
http://127.0.0.1:37163/save_log	https://service.blocksi.net/time?
https://www.youtube.com/watch?v=	https://fonts.googleapis.com/css?family=Poppins:400
https://www.blocksi.net/	https://storage.googleapis.com/custom_extension_pages_files/
https://fonts.googleapis.com/css?family=Roboto:400	https://storage.googleapis.com/blocksi_files/gamingdisabled.png
https://fonts.googleapis.com/css?family=Poppins	https://clients2.google.com/service/update2/crx

Raw Manifest

{
  "name": "Blocksi Enterprise Edition",
  "icons": {
    "16": "images/logos/16x16.png",
    "48": "images/logos/48x48.png",
    "128": "images/logos/128x128.png"
  },
  "action": {},
  "version": "4.3.23",
  "background": {
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Blocksi Extension",
  "permissions": [
    "tabs",
    "activeTab",
    "storage",
    "webRequest",
    "identity",
    "identity.email",
    "alarms",
    "nativeMessaging",
    "webNavigation",
    "management",
    "geolocation",
    "history",
    "offscreen",
    "webRequestBlocking",
    "idle",
    "notifications",
    "enterprise.deviceAttributes",
    "bookmarks",
    "tabGroups"
  ],
  "options_page": "blockPage.html",
  "content_scripts": [
    {
      "js": [
        "contentScript.js"
      ],
      "run_at": "document_start",
      "matches": [
        "<all_urls>"
      ],
      "exclude_matches": [
        "*://*.sharepoint.com/*",
        "*://*.office.com/*",
        "*://*.officeapps.live.com/*",
        "*://*.office365.com/*",
        "*://hubblecontent.osi.office.net/*",
        "*://cdn.hubblecontent.osi.office.net/*",
        "*://docs.google.com/*"
      ]
    },
    {
      "js": [
        "iframeObserver_contentScript.js"
      ],
      "run_at": "document_start",
      "matches": [
        "<all_urls>"
      ],
      "all_frames": true
    },
    {
      "js": [
        "contentScript.js"
      ],
      "run_at": "document_start",
      "matches": [
        "*://*.sharepoint.com/*",
        "*://*.office.com/*",
        "*://*.officeapps.live.com/*",
        "*://*.office365.com/*",
        "*://hubblecontent.osi.office.net/*",
        "*://cdn.hubblecontent.osi.office.net/*",
        "*://docs.google.com/*"
      ],
      "all_frames": true
    }
  ],
  "host_permissions": [
    "<all_urls>"
  ],
  "manifest_version": 3,
  "web_accessible_resources": [
    {
      "matches": [
        "<all_urls>"
      ],
      "resources": [
        "images/icons/raise-hand.svg",
        "images/icons/chatBubble.svg",
        "images/icons/yt-denied.png",
        "images/icons/yt-start.png",
        "images/icons/yt-sidebar.png",
        "images/icons/yt-results.png",
        "blockPage.html"
      ]
    }
  ]
}

by ✦ Astarte

Blocksi Enterprise Edition

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (60 total):

Raw Manifest

Detections

Manifest Findings