Extension Details
Context-Aware Verdict
The extension has very limited trust indicators with only 3,000 users and just 6 reviews, despite a perfect 5.0 rating. The developer "birdie.so" lacks established reputation or transparency about their identity and business practices. The missing description is particularly concerning as users cannot understand what the extension actually does or why it needs such extensive permissions.
The extension requests an extremely broad set of permissions that would be excessive for most legitimate use cases. The combination of tabCapture, desktopCapture, and webRequest permissions suggests screen recording and network monitoring capabilities. The broad host permissions covering all websites (<all_urls>) combined with scripting permissions creates potential for data harvesting across the entire web. The unsafe WebAssembly execution policy could hide malicious code, while the downloads permission adds file system access risks. Most concerning is the lack of any description to justify these powerful permissions.
Do not install this extension given the critical risk level and lack of transparency. If you must use it, run it in a completely isolated Chrome profile with no access to personal accounts or sensitive data. Consider alternative extensions with clearer purposes and more limited permissions. The combination of extensive permissions, minimal user base, and missing description strongly suggests this extension poses significant security and privacy risks that outweigh any potential benefits.
Findings
Security Analysis Details
Required Permissions:
- storage
- contextMenus
- tabs
- activeTab
- tabCapture
- offscreen
- scripting
- desktopCapture
- webRequest
- downloads
- notifications
- alarms
Host Permissions:
- https://*/*
- http://*/*
- <all_urls>
- file:///*
Content Security Policy:
- extension_pages: script-src 'self' 'wasm-unsafe-eval'; object-src 'self'
Embedded URLs (19 total):
| https://clients2.google.com/service/update2/crx | http://www.w3.org/2000/svg | |
| https://www.google.com/favicon.ico? | https://app.birdie.so/library/personal | |
| https://www.birdie.so/help | https://app.birdie.so | |
| https://app.birdie.test | https://www.birdie.so/uninstall/extension?email= | |
| https://app.birdie.test/ | https://docs.birdie.so/birdie-docs/troubleshooting/extension/error-this-page-cannot-be-scripted-due-to-an-extensionssettings-policy | |
| http://www.example.com | https://vuejs.org/error-reference/#runtime- | |
| http://www.w3.org/1998/Math/MathML | http://www.w3.org/1999/xlink | |
| https://clipboardjs.com/ | https://web.dev/cross-origin-isolation-guide/ | |
| http://www.apache.org/licenses/LICENSE-2.0 | https://182755b3eae849739ff6e9f488ea0a4c@o739267.ingest.us.sentry.io/4508803055222784 | |
| http://www.w3.org/1999/xhtml |
Raw Manifest
{ "name": "Birdie", "icons": { "16": "images/icon-16x16.png", "48": "images/icon-48x48.png", "128": "images/icon-128x128.png" }, "action": { "default_icon": { "16": "images/icon-16x16.png", "48": "images/icon-48x48.png", "128": "images/icon-128x128.png" } }, "version": "0.7.33", "commands": { "draw-shortcut": { "description": "Enable/Disable Drawing", "suggested_key": { "mac": "Command+Shift+E", "default": "Ctrl+Shift+E" } }, "pause-recording-shortcut": { "description": "Pause/Resume Recording", "suggested_key": { "mac": "Command+Shift+P", "default": "Ctrl+Shift+P" } }, "start-recording-shortcut": { "description": "Start/Stop Recording", "suggested_key": { "mac": "Command+Shift+S", "default": "Ctrl+Shift+S" } } }, "incognito": "spanning", "background": { "type": "module", "service_worker": "js/background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Record your screen, capture logs, and document repro steps—all in one click. Simplify bug reporting and speed up issue resolution.", "permissions": [ "storage", "contextMenus", "tabs", "activeTab", "tabCapture", "offscreen", "scripting", "desktopCapture", "webRequest", "downloads", "notifications", "alarms" ], "version_name": "0.7.33", "content_scripts": [ { "js": [ "js/content_handle.js" ], "run_at": "document_start", "matches": [ "https://*/*", "http://*/*" ] }, { "js": [ "js/content_birdie.js" ], "run_at": "document_start", "matches": [ "https://*.birdie.test/*", "https://*.birdie.so/*", "https://localhost:5173/*" ] } ], "host_permissions": [ "https://*/*", "http://*/*", "<all_urls>", "file:///*" ], "manifest_version": 3, "minimum_chrome_version": "116", "content_security_policy": { "extension_pages": "script-src 'self' 'wasm-unsafe-eval'; object-src 'self'" }, "web_accessible_resources": [ { "matches": [ "<all_urls>", "chrome-extension://*/*" ], "resources": [ "src/video.html", "js/video.js", "src/grantmic.html", "js/grantmic.js", "src/desktopRecord.html", "js/desktopRecordjs.js", "src/offscreen.html", "js/offscreenjs.js", "src/soundlevel.html", "js/soundleveljs.js", "js/birdie_logger.js", "js/init_pristine.js", "vad/vad.worklet.bundle.min.js", "vad/silero_vad_legacy.onnx", "vad/*.wasm", "vad/*.mjs", "content.css" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.