[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

AdShield - Ultimate Ad Blocker for YouTube

Version 3.7.1 View in Chrome Web Store

Last scanned: about 2 hours ago

Extension Details

Developer: MARCODE LTD

Rating: 4.9 ★ (697 ratings)

Users: 30,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has a solid user base of 30,000 users with an excellent 4.9-star rating from 697 reviews, suggesting good user satisfaction. The developer MARCODE LTD appears to be an established entity. The specific focus on YouTube ad blocking is a legitimate and popular use case.

Concerns:

The extension exhibits several concerning security patterns that exceed what's necessary for YouTube ad blocking. The content script injection across all URLs (<all_urls>) is excessive - a YouTube ad blocker should only need access to YouTube domains. The tabs permission allows manipulation of browser tabs and access to sensitive tab information, which isn't required for ad blocking functionality. The broad host permissions combined with universal content script injection creates significant potential for data theft or malicious activity beyond the stated purpose.

Recommendations:

Given the high risk profile, consider running this extension in a separate Chrome profile to isolate potential security impacts. Alternative ad blockers like uBlock Origin or AdBlock Plus offer similar functionality with more restrictive permissions. If you choose to keep this extension, regularly monitor your browsing activity for unusual behavior and consider disabling it when not actively watching YouTube. The permission scope suggests capabilities far beyond simple ad blocking, warranting careful consideration of whether the convenience justifies the security exposure.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Security Analysis Details

Required Permissions:

declarativeNetRequest
storage
tabs
scripting
offscreen

Optional Permissions:

alarms

Host Permissions:

*://*.youtube.com/*

Embedded URLs (17 total):

https://adpocalypse.net/api/rules/	https://adpocalypse.net/api/tracking/lifecycle
https://adpocalypse.net/app/uninstall?	https://www.google.com/search
https://www.google.com/wizrpcui	https://www.google.com
https://adstransparency.google.com	https://adstransparency.google.com?
https://adpocalypse.net/api	https://adpocalypse.net/app/blocker-feedback?v=
https://adpocalypse.net/app/options?ext_id=	https://adpocalypse.net/features?tab=fraud-detection
https://adpocalypse.net/legals?tab=terms	https://adpocalypse.net/legals?tab=privacy
https://adpocalypse.net/app/complete?cid=	http://www.w3.org/2000/svg
https://clients2.google.com/service/update2/crx

Raw Manifest

{
  "name": "AdShield - Ultimate Ad Blocker for YouTube",
  "icons": {
    "16": "dist/icons/16.png",
    "32": "dist/icons/32.png",
    "48": "dist/icons/48.png",
    "64": "dist/icons/64.png",
    "128": "dist/icons/128.png",
    "256": "dist/icons/256.png",
    "512": "dist/icons/512.png"
  },
  "action": {
    "default_icon": {
      "16": "dist/icons/16.png",
      "32": "dist/icons/32.png",
      "48": "dist/icons/48.png",
      "64": "dist/icons/64.png",
      "128": "dist/icons/128.png",
      "256": "dist/icons/256.png",
      "512": "dist/icons/512.png"
    },
    "default_popup": "dist/popup/popup.html"
  },
  "version": "3.7.1",
  "background": {
    "service_worker": "dist/background/background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Skip the ads. Watch YouTube. Block pre-roll, mid-roll, and banner ads instantly. Fast, lightweight, privacy-focused.",
  "permissions": [
    "declarativeNetRequest",
    "storage",
    "tabs",
    "scripting",
    "offscreen"
  ],
  "content_scripts": [
    {
      "js": [
        "dist/content/e6e30e37-9732-46b1-a76f-50a7d4328a77.js"
      ],
      "run_at": "document_start",
      "matches": [
        "<all_urls>"
      ]
    }
  ],
  "host_permissions": [
    "*://*.youtube.com/*"
  ],
  "manifest_version": 3,
  "optional_permissions": [
    "alarms"
  ],
  "externally_connectable": {
    "matches": [
      "*://adpocalypse.net/*",
      "*://*.adpocalypse.net/*"
    ]
  },
  "declarative_net_request": {
    "rule_resources": [
      {
        "id": "easylist_rules",
        "path": "dist/rules/rules.json",
        "enabled": true
      }
    ]
  },
  "web_accessible_resources": [
    {
      "matches": [
        "*://*.youtube.com/*"
      ],
      "resources": [
        "dist/content/a1b2c3d4-e5f6-7890-abcd-ef1234567890.js"
      ]
    },
    {
      "matches": [
        "*://*.youtube.com/*"
      ],
      "resources": [
        "dist/classic/utils.js"
      ]
    },
    {
      "matches": [
        "*://*.youtube.com/*"
      ],
      "resources": [
        "dist/oldv2/utils.js"
      ]
    }
  ],
  "optional_host_permissions": [
    "<all_urls>"
  ]
}

by ✦ Astarte

AdShield - Ultimate Ad Blocker for YouTube

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Optional Permissions:

Host Permissions:

Embedded URLs (17 total):

Raw Manifest

Detections

Manifest Findings