[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Power BI Visuals Auto-Refresh

Version 1.0 View in Chrome Web Store

Last scanned: about 14 hours ago

Extension Details

Developer: vahiddm.com

Rating: 5.0 ★ (1 rating)

Users: 1,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has very limited trust indicators with only 1,000 users and a single 5-star rating, which is insufficient to establish credibility. The developer domain "vahiddm.com" lacks recognizable brand authority, and the absence of detailed developer information raises transparency concerns. The extension's narrow focus on Power BI auto-refresh functionality appears legitimate for its stated purpose.

Concerns:

The tabs permission is excessive for an auto-refresh tool and creates significant security risks by allowing tab manipulation and access to browsing information. While host permissions are appropriately scoped to Power BI domains rather than all websites, the combination of tabs and scripting permissions could enable malicious activities beyond the extension's stated functionality. The storage permission, though lower risk, adds to the overall attack surface. The low user base and minimal rating history make it difficult to verify the extension's behavior in practice.

Recommendations:

Consider running this extension in a separate Chrome profile dedicated to Power BI work to isolate potential risks. Monitor the extension's behavior closely and revoke permissions if any suspicious activity occurs. Look for alternative auto-refresh extensions with better security practices and larger user bases. If you must use this extension, ensure your Power BI account uses strong authentication and regularly review your browser's security settings.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Raw Manifest

{
  "name": "Power BI Visuals Auto-Refresh",
  "icons": {
    "16": "icon16.png",
    "48": "icon48.png",
    "128": "icon128.png"
  },
  "action": {
    "default_popup": "popup.html"
  },
  "version": "1.0",
  "background": {
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Automatically refreshes PowerBI visuals at user-defined intervals without manual intervention-Developed by Vahid Doustimajd.",
  "permissions": [
    "scripting",
    "storage",
    "tabs"
  ],
  "host_permissions": [
    "https://app.powerbi.com/*"
  ],
  "manifest_version": 3
}

by ✦ Astarte

Power BI Visuals Auto-Refresh

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (2 total):

Raw Manifest

Detections

Manifest Findings