Extension Details
Context-Aware Verdict
The extension has a relatively small user base of 1,000 users, which limits community validation. The lack of visible rating, author information, and developer details raises transparency concerns. However, the specific targeting of healthcare platforms (Athenanet and EmergeCDS) suggests a specialized medical workflow tool, which could indicate legitimate business use.
The tabs permission is overly broad for an extension that appears to focus on specific healthcare platforms. This permission allows access to all browser tabs and their URLs, not just the medical sites it targets. The extension's scope is limited to healthcare platforms through content scripts, but the tabs permission extends beyond this boundary. The use of Manifest V2 indicates outdated security standards, as newer extensions should migrate to the more secure V3. The absence of developer information and ratings makes it difficult to verify legitimacy.
Consider running this extension in a separate Chrome profile dedicated to healthcare work to isolate potential risks from personal browsing. Verify the extension's legitimacy with your healthcare organization's IT department before installation. Monitor for any unusual browser behavior or unauthorized tab access. If possible, seek alternatives that use Manifest V3 and have more transparent developer information. Given the healthcare context, ensure compliance with HIPAA and other medical data protection requirements.
Findings
Security Analysis Details
Required Permissions:
- tabs
Embedded URLs (12 total):
| https://my-heroku-drain.herokuapp.com/log/test | https://apis.emergecds.com:9000/api/v1/search/extention/log | |
| https://emergedi.atlassian.net/browse/DEV-1433 | https://athenanet.athenahealth.com/21697/39/mdp/ssoredirect.esp?PATIENTID=227029&SSOID=0f54606c%2D377c%2D4598%2D9467%2D0f5c8d12aa93&CSRFPROTECT=b889cdab698b7aaa792feaa3d0d8c2b3 | |
| https://athenanet.athenahealth.com/10534/50/ax/data?sources=file_links&chart_id=50086&patient_id=1050048 | https://athenanet.athenahealth.com/18277/67/ax/data?sources=file_links&chart_id=394279&patient_id=394159 | |
| https://athenanet.athenahealth.com | https://emergedi.atlassian.net/browse/CHAR-4604?focusedCommentId=31070&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-31070 | |
| https://athenanet.athenahealth.com/4024/69/mdp/ssoredirect.esp?PATIENTID=112970& | https://clients2.google.com/service/update2/crx | |
| https://athenanet.athenahealth.com/ | https://preview.athenahealth.com/ |
Raw Manifest
{ "name": "ChartScoutAssist", "icons": { "128": "128_128+logo.png" }, "version": "1.753", "background": { "scripts": [ "tattletale.js", "background.js" ] }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "", "permissions": [ "tabs" ], "browser_action": { "default_icon": "icon-on.png", "default_title": "ChartScoutAssist is ENABLED. Click to turn off." }, "content_scripts": [ { "js": [ "athenahealth-content.js" ], "matches": [ "https://athenanet.athenahealth.com/*", "https://preview.athenahealth.com/*" ] }, { "js": [ "chartscout-content.js" ], "matches": [ "https://*.emergecds.com/chartscout/*" ] } ], "manifest_version": 2, "web_accessible_resources": [ "athenahealth-inject.js", "athenahealth-inject-v1.css", "athenahealth-inject-v2.css", "chartscout-inject.js", "search.png", "icon-on.png", "26.png" ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.