[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Starting analysis...

Blocksi Enterprise Edition

Version 4.3.13 View in Chrome Web Store

Last scanned: 2 days ago | force re-scan

Extension Details

Developer: blocksi.net

Rating: 1.2 ★ (897 ratings)

Users: 1,000,000

Context-Aware Verdict

CRITICAL

Overall Risk

Trust Factors:

The extension has a substantial user base of 1 million users, indicating widespread deployment, likely in enterprise environments given the "Enterprise Edition" name. However, the extremely low rating of 1.2 out of 5 stars from 897 reviews is a major red flag, suggesting significant user dissatisfaction or functionality issues. The developer appears to be blocksi.net, which positions itself as a web filtering solution for educational institutions.

Concerns:

This extension exhibits characteristics of comprehensive monitoring software with extensive surveillance capabilities. The combination of permissions allows complete visibility into user browsing behavior, including history access, web request interception, tab monitoring, and identity collection. The ability to block web requests in real-time, manage other extensions, and inject content scripts across all websites creates a powerful control mechanism. The broad host permissions and content script injection capabilities mean this extension can access sensitive data on any website, including banking, email, and personal accounts.

Recommendations:

Given the critical risk level and poor user ratings, exercise extreme caution. If this extension is required by your organization, ensure you understand exactly what data is being collected and how it's used. Consider running it in a completely separate Chrome profile dedicated solely to monitored activities. Review your organization's privacy policies regarding employee monitoring. For personal use, this extension should be avoided entirely due to its invasive nature and poor reputation.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

Dangerous Permission Combination: webRequest + webRequestBlocking

This extension can intercept, modify, and block web requests in real-time. This combination could be used to modify sensitive web traffic or steal data.

HIGH

High-Risk Permission: bookmarks

This extension has the bookmarks permission. Can access and modify bookmarks. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: history

This extension has the history permission. Can access your browsing history. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: identity

This extension has the identity permission. Can access your identity information. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: management

This extension has the management permission. Can manage other extensions. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: webNavigation

This extension has the webNavigation permission. Can track your web navigation. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: webRequest

This extension has the webRequest permission. Can intercept and modify web requests. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: webRequestBlocking

This extension has the webRequestBlocking permission. Can block and modify web requests in real-time. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Medium-Risk Permission: geolocation

This extension has the geolocation permission. Can access your location.

MEDIUM

Medium-Risk Permission: notifications

This extension has the notifications permission. Can show notifications.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Security Analysis Details

Required Permissions:

tabs
activeTab
storage
webRequest
identity
identity.email
alarms
nativeMessaging
webNavigation
management
geolocation
history
offscreen
webRequestBlocking
idle
notifications
enterprise.deviceAttributes
bookmarks

Host Permissions:

<all_urls>

Embedded URLs (60 total):

https://docs.datadoghq.com	https://www.datadoghq-browser-agent.com
https://www.datad0g-browser-agent.com	https://d3uc069fcn7uxw.cloudfront.net
https://d20xtzwzcl0ceb.cloudfront.net	https://aomediacodec.github.io/av1-rtp-spec/#dependency-descriptor-rtp-header-extension
https://feross.org	https://mths.be/utf8js
https://feross.org/opensource	https://vuejs.org/error-reference/#runtime-
http://www.w3.org/2000/svg	http://www.w3.org/1998/Math/MathML
http://www.w3.org/1999/xlink	http://www.iwf.org.uk/.
https://github.com/infinitered/nsfwjs?tab=readme-ov-file#browserify	https://github.com/infinitered/nsfwjs?tab=readme-ov-file#host-your-own-model
https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API	https://github.com/tensorflow/tfjs/issues
https://github.com/tensorflow/tfjs-node	https://www.shadertoy.com/view/4djSRW
https://github.com/tensorflow/tfjs/issues/1735	https://github.com/tensorflow/tfjs/issues/5447
https://arxiv.org/abs/1706.02515	http://www.apache.org/licenses/LICENSE-2.0
https://opensource.org/licenses/MIT.	https://www.apache.org/licenses/LICENSE-2.0
https://fonts.googleapis.com/css?family=Open+Sans	https://service.blocksi.net/config
https://service1.blocksi.net	https://api.blocksi.net/api/2.0
https://google.com/webfilter	https://www.youtube.com/
https://m.youtube.com/	https://youtubei.googleapis.com/
https://youtube.googleapis.com/	https://www.youtube-nocookie.com/
https://gmail.com	https://log.blocksi.net/v1/sendLog
https://service.blocksi.net/location?	https://www.youtube.com/shorts/Jk0DlpytLi0
https://www.youtube.com/watch?v=K1bqOLECS98	https://www.youtube.com/watch?v=91kMzHkPr38
https://www.youtube.com/watch?v=UxHtzcD5w4M	https://api.ipify.org
http://ip-api.com/json/?fields=query	https://capportal.blocksi.net/register
https://api2.blocksi.net/my-ip	https://log.blocksi.net/v1/screenshotUploadUrl
https://log.blocksi.net/v1/metrics	http://127.0.0.1:9432
http://127.0.0.1:37163/save_log	https://service.blocksi.net/time?
https://www.youtube.com/watch?v=	https://fonts.googleapis.com/css?family=Poppins:400
https://www.blocksi.net/	https://storage.googleapis.com/custom_extension_pages_files/
https://fonts.googleapis.com/css?family=Roboto:400	https://storage.googleapis.com/blocksi_files/gamingdisabled.png
https://fonts.googleapis.com/css?family=Poppins	https://clients2.google.com/service/update2/crx

Raw Manifest

{
  "name": "Blocksi Enterprise Edition",
  "icons": {
    "16": "images/logos/16x16.png",
    "48": "images/logos/48x48.png",
    "128": "images/logos/128x128.png"
  },
  "action": {},
  "version": "4.3.13",
  "background": {
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Blocksi Extension",
  "permissions": [
    "tabs",
    "activeTab",
    "storage",
    "webRequest",
    "identity",
    "identity.email",
    "alarms",
    "nativeMessaging",
    "webNavigation",
    "management",
    "geolocation",
    "history",
    "offscreen",
    "webRequestBlocking",
    "idle",
    "notifications",
    "enterprise.deviceAttributes",
    "bookmarks"
  ],
  "options_page": "blockPage.html",
  "content_scripts": [
    {
      "js": [
        "contentScript.js"
      ],
      "run_at": "document_start",
      "matches": [
        "<all_urls>"
      ],
      "exclude_matches": [
        "*://*.sharepoint.com/*",
        "*://*.office.com/*",
        "*://*.officeapps.live.com/*",
        "*://*.office365.com/*",
        "*://hubblecontent.osi.office.net/*",
        "*://cdn.hubblecontent.osi.office.net/*",
        "*://docs.google.com/*"
      ]
    },
    {
      "js": [
        "iframeObserver_contentScript.js"
      ],
      "run_at": "document_start",
      "matches": [
        "<all_urls>"
      ],
      "all_frames": true
    },
    {
      "js": [
        "contentScript.js"
      ],
      "run_at": "document_start",
      "matches": [
        "*://*.sharepoint.com/*",
        "*://*.office.com/*",
        "*://*.officeapps.live.com/*",
        "*://*.office365.com/*",
        "*://hubblecontent.osi.office.net/*",
        "*://cdn.hubblecontent.osi.office.net/*",
        "*://docs.google.com/*"
      ],
      "all_frames": true
    }
  ],
  "host_permissions": [
    "<all_urls>"
  ],
  "manifest_version": 3,
  "web_accessible_resources": [
    {
      "matches": [
        "<all_urls>"
      ],
      "resources": [
        "images/icons/raise-hand.svg",
        "images/icons/chatBubble.svg",
        "images/icons/yt-denied.png",
        "images/icons/yt-start.png",
        "images/icons/yt-sidebar.png",
        "images/icons/yt-results.png"
      ]
    }
  ]
}

by ✦ Astarte

Blocksi Enterprise Edition

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (60 total):

Raw Manifest

Detections

Manifest Findings