CRX aminer
[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]
Extension icon

verint.dpa.chrome.trigger

Version 15.2.11.903 View in Chrome Web Store

Last scanned: about 11 hours ago

Extension Details

Developer: https://www.verint.com/engagement/our-offerings/solutions/workforce-optimization/desktop-and-process-analytics/
Rating: 5.0 ★ (2 ratings)
Users: 1,000,000

Context-Aware Verdict

CRITICAL
Overall Risk
Trust Factors:

The extension has 1 million users and a perfect 5.0 rating, suggesting widespread adoption. However, the rating is based on only 2 reviews, which is suspiciously low for such a large user base. The developer is Verint, a legitimate enterprise software company specializing in workforce optimization and analytics solutions. The extension appears to be part of Verint's Desktop and Process Analytics (DPA) suite, which is typically deployed in corporate environments for employee monitoring and productivity analysis.

Concerns:

The extension's permission set is extremely invasive and represents a comprehensive surveillance toolkit. The combination of webRequest interception, broad host permissions covering all websites, universal content script injection, and web navigation tracking creates a powerful monitoring system. The browsingData permission adds another layer of concern, potentially allowing access to browsing history and other sensitive browser data. The idle permission suggests employee activity monitoring capabilities. Most concerning is that these permissions far exceed what would be necessary for typical productivity tools.

Recommendations:

This extension should only be used in managed corporate environments where employee monitoring is explicitly authorized and disclosed. Individual users should avoid installing this extension unless required by their employer. If mandatory for work, run it in a completely separate Chrome profile dedicated solely to work activities. Never use this profile for personal browsing, banking, or any sensitive activities. Organizations deploying this should ensure proper privacy policies and employee consent procedures are in place.

Findings

HIGH
Broad Content Script Injection
This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.
HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
HIGH
High-Risk Permission: tabs
This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: webNavigation
This extension has the webNavigation permission. Can track your web navigation. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: webRequest
This extension has the webRequest permission. Can intercept and modify web requests. This could potentially be used maliciously to compromise security or privacy.
MEDIUM
Medium-Risk Permission: contextMenus
This extension has the contextMenus permission. Can add items to the context menu.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
by Astarte