Flonnect Enterprise: Video, Steps & Bug Reports
Version 1.1.5 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has extremely low adoption with only 28 users despite being available for some time, which raises significant red flags. While it maintains a 4.2 rating, the small user base makes this less meaningful. The developer domain flonnect.com suggests a legitimate business purpose for enterprise video and bug reporting functionality. However, the combination of minimal adoption and extensive permissions creates substantial concern.
The extension requests an excessive array of high-risk permissions that far exceed what would be necessary for basic video recording and bug reporting. The ability to capture desktop content, intercept all web requests, track navigation across all websites, and inject scripts into every page creates a perfect surveillance toolkit. The broad host permissions and content script injection capabilities mean this extension can access sensitive data on banking sites, email platforms, and any other website you visit. The webRequest permission allows it to potentially modify or intercept secure communications.
Do not install this extension in your primary browser profile. If you must use it for legitimate enterprise purposes, create a completely separate Chrome profile dedicated solely to this tool and avoid accessing any sensitive websites while using it. Verify directly with your IT department that this specific extension is required and approved. Consider whether the business functionality could be achieved through less invasive alternatives. The risk-to-benefit ratio appears heavily skewed toward risk given the extensive surveillance capabilities versus the stated purpose.
Findings
Security Analysis Details
Required Permissions:
- storage
- scripting
- tabCapture
- tabs
- offscreen
- activeTab
- desktopCapture
- contentSettings
- system.display
- webRequest
- webNavigation
- unlimitedStorage
Host Permissions:
- <all_urls>
Embedded URLs (36 total):
| https://chrome.google.com | https://backend.flonnect.com | |
| https://app.flonnect.com | https://newauth.flonnect.com | |
| https://testapp.flonnect.com | https://flonnect-capture-pdf.s3.ap-south-1.amazonaws.com/ | |
| https://flonnect.com/step-capture/ | http://www.w3.org/2000/svg | |
| https://reactjs.org/docs/error-decoder.html?invariant= | http://www.w3.org/1999/xlink | |
| http://www.w3.org/XML/1998/namespace | http://www.w3.org/1998/Math/MathML | |
| http://www.w3.org/1999/xhtml | https://github.com/styled-components/styled-components/blob/main/packages/styled-components/src/utils/errors.md# | |
| https://fonts.googleapis.com/css2?family=Inter:wght@100 | https://github.com/uuidjs/uuid#getrandomvalues-not-supported | |
| https://ipapi.co/json/ | https://docs.google.com/ | |
| https://challenges.cloudflare.com | https://clients2.google.com/service/update2/crx | |
| https://console.cloud.google.com/ | https://testcricket.flonnect.com/testcricket/flonnect | |
| https://testcricket.flonnect.com | https://api-js.mixpanel.com | |
| https://mixpanel.com | https://cdn.mxpnl.com | |
| https://cdn.mxpnl.com/libs/mixpanel-recorder.min.js | https://mixpanel.com/projects/replay-redirect? | |
| https://chromewebstore.google.com/detail/screen-webcam-recorder-fl/lkeokcighogdliiajgbbdjibidaaeang/reviews | https://flonnect.canny.io/feature-requests | |
| https://video-src-recorded.s3.ap-south-1.amazonaws.com/ | https://flonnect.com/pricing/ | |
| https://backend.flonnect.com/auth/api/google/login | https://testbackendadmin.flonnect.com | |
| https://evilmartians.com/chronicles/postcss-8-plugin-migration | https://www.w3ctech.com/topic/2226 |
Raw Manifest
{ "name": "Flonnect Enterprise: Video, Steps & Bug Reports", "icons": { "32": "Icons/32.png", "48": "Icons/48.png", "64": "Icons/64.png", "128": "Icons/128.png" }, "action": { "default_popup": "index.html" }, "version": "1.1.5", "background": { "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Seamlessly capture screen, record meetings, document workflows, and report bugs—designed for enterprise teams.", "permissions": [ "storage", "scripting", "tabCapture", "tabs", "offscreen", "activeTab", "desktopCapture", "contentSettings", "system.display", "webRequest", "webNavigation", "unlimitedStorage" ], "content_scripts": [ { "js": [ "react-app-holder.js" ], "matches": [ "<all_urls>" ] }, { "js": [ "content.js" ], "matches": [ "<all_urls>" ] }, { "js": [ "log.bundle.js" ], "world": "MAIN", "run_at": "document_start", "matches": [ "<all_urls>" ], "all_frames": false, "exclude_globs": [ "https://docs.google.com/*", "https://console.cloud.google.com/*", "*://*.payu.in/_payment*", "*://secure.ccavenue.com/*" ] } ], "host_permissions": [ "<all_urls>" ], "manifest_version": 3, "externally_connectable": { "matches": [ "https://*.flonnect.com/*", "http://localhost:3000/*", "https://localhost:3000/*" ] }, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "Images/*", "options.html", "options.js", "contentImages/*", "recordingImages/*", "bug-report-images/*" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.