VratnePenize.cz Připomínáček
Version 4.0.14 View in Chrome Web Store
Last scanned: 1 day ago
| force re-scan
Extension Details
Developer:
http://www.vratnepenize.cz/
Rating:
4.5 ★
(23 ratings)
Users:
10,000
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
CRITICAL
Risk Level
Trust Factors: The extension has a moderate user base of 10,000 users and a good rating of 4.5 stars from 23 reviews, suggesting some level of user satisfaction. The developer appears to be associated with vratnepenize.cz, which seems to be a Czech cashback or money-back service. However, the limited number of reviews relative to the user base and lack of detailed developer information raises some concerns about transparency.
Concerns: This extension exhibits extremely concerning permission combinations that far exceed what would be necessary for a typical cashback reminder service. The ability to inject content scripts into all websites while having access to tabs, web navigation tracking, request interception, and cookie manipulation creates a perfect storm for comprehensive user surveillance. The extension can essentially monitor and modify every aspect of your browsing experience across all websites, not just the two specified host domains. The unlimited storage permission suggests potential for extensive data collection and retention.
Recommendations: Do not install this extension on your primary browser profile. If you must use it for cashback services, create a completely separate Chrome profile dedicated solely to shopping activities and limit your browsing in that profile to only essential cashback-related sites. Consider using alternative cashback services that don't require such invasive browser extensions. Regularly audit what data the extension might be collecting and consider whether the cashback benefits justify the significant privacy risks.
Security Analysis
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
CRITICAL
Overall Risk
Based on 7 total findings, ranked without considering overall context, including 5 high-risk and 2 medium-risk findings.
HIGH
Broad Content Script Injection
This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.
HIGH
High-Risk Permission: cookies
This extension has the cookies permission. Can access and modify browser cookies. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: tabs
This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: webNavigation
This extension has the webNavigation permission. Can track your web navigation. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: webRequest
This extension has the webRequest permission. Can intercept and modify web requests. This could potentially be used maliciously to compromise security or privacy.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
MEDIUM
Medium-Risk Permission: unlimitedStorage
This extension has the unlimitedStorage permission. Can store unlimited data locally.
Security Analysis Details
Required Permissions:
- tabs
- webNavigation
- webRequest
- storage
- unlimitedStorage
- cookies
- alarms
Host Permissions:
- https://www.vratnepenize.cz/
- https://portals.aliexpress.com/
Embedded URLs (154 total):
| https://www.google-analytics.com/collect? | https://www.hamty.cz/nakoupit/ | |
| https://www.hamty.cz/nakoupit-kupon/ | https://www.hamty.cz/prejit-do-obchodu/ | |
| https://www.hamty.cz/ucet/doplnek/odinstalace-dokoncena | https://www.vratnepenize.cz/ucet-doplnek-odinstalace-dokoncena | |
| https://www.navratnepeniaze.sk/ucet-doplnok-odinstalacia-dokoncena | https://www.chamty.sk/ucet-doplnok-odinstalacia-dokoncena | |
| https://lodash.com/ | https://openjsf.org/ | |
| https://lodash.com/license | http://underscorejs.org/LICENSE | |
| https://npms.io/search?q=ponyfill. | https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/runtime/onMessage | |
| https://www.hamty.cz | https://www.facebook.com/sharer.php?u= | |
| https://twitter.com/intent/tweet?text=Z%C3%ADsk%C3%A1v%C3%A1m%20nej%C5%A1t%C4%9Bd%C5%99ej%C5%A1%C3%AD%20odm%C4%9Bny%20z%20n%C3%A1kup%C5%AF%20v%20e-shopech%20p%C5%99es%20@hamtyCZ.%20Je%20to%20zdarma | https://www.vratnepenize.cz | |
| https://www.vratnepenize.cz/kategorie | https://www.vratnepenize.cz/doporuceni-priteli | |
| https://www.vratnepenize.cz/tipy-k-maximalni-spolehlivosti | https://www.navratnepeniaze.sk | |
| https://www.navratnepeniaze.sk/sk/kategorie | https://www.navratnepeniaze.sk/odporucanie-priatelovi | |
| https://www.navratnepeniaze.sk/tipy-k-maximalnej-spolahlivosti | https://www.chamty.sk/ | |
| https://www.chamty.sk | https://www.chamty.sk/kategorie | |
| https://www.chamty.sk/odporucanie-priatelovi | https://www.chamty.sk/tipy-k-maximalnej-spolahlivosti | |
| https://portals.aliexpress.com/ | https://portals.aliexpress.com/checkAffiProduct.do | |
| https://portals.aliexpress.com/linkchecker.htm | https://www.chamty.sk/doplnkova-funkcia-instalacia | |
| https://www.heureka. | http://www.w3.org/2000/svg | |
| https://clients2.google.com/service/update2/crx | https://www.vratnepenize.cz/ | |
| http://www.opensource.org/licenses/mit-license.php | https://developer.chrome.com/devtools/docs/javascript-debugging | |
| http://stackoverflow.com/a/26603875 | http://ecma-international.org/ecma-262/7.0/#sec-patterns | |
| http://ecma-international.org/ecma-262/7.0/#sec-template-literal-lexical-components | https://en.wikipedia.org/wiki/Combining_Diacritical_Marks | |
| https://en.wikipedia.org/wiki/Combining_Diacritical_Marks_for_Symbols | https://mathiasbynens.be/notes/javascript-unicode | |
| http://eev.ee/blog/2015/09/12/dark-corners-of-unicode/ | http://ecma-international.org/ecma-262/7.0/#sec-object.prototype.tostring | |
| http://ecma-international.org/ecma-262/7.0/#sec-samevaluezero | https://bugs.webkit.org/show_bug.cgi?id=156034 | |
| https://en.wikipedia.org/wiki/Exponentiation_by_squaring | https://mdn.io/clearTimeout | |
| https://github.com/jashkenas/underscore/pull/1247 | https://bugs.chromium.org/p/v8/issues/detail?id=90 | |
| http://ecma-international.org/ecma-262/7.0/#sec-ecmascript-function-objects-call-thisargument-argumentslist | https://es5.github.io/#x13.2.2 | |
| https://mdn.io/round#Examples | http://www.ecma-international.org/ecma-262/7.0/#sec-regexp.prototype.tostring | |
| http://ecma-international.org/ecma-262/7.0/#sec-object.keys | https://bugs.chromium.org/p/v8/issues/detail?id=2070 | |
| https://mdn.io/setTimeout | https://mdn.io/Array/reverse | |
| https://mdn.io/Array/slice | https://en.wikipedia.org/wiki/Symmetric_difference | |
| https://mdn.io/iteration_protocols#iterator | https://en.wikipedia.org/wiki/Empty_set | |
| https://en.wikipedia.org/wiki/Vacuous_truth | https://en.wikipedia.org/wiki/Fisher-Yates_shuffle | |
| http://peter.michaux.ca/articles/lazy-function-definition-pattern | https://css-tricks.com/debouncing-throttling-explained-examples/ | |
| http://ecma-international.org/ecma-262/7.0/#sec-properties-of-the-map-prototype-object | https://mdn.io/rest_parameters | |
| http://www.ecma-international.org/ecma-262/7.0/#sec-function.prototype.apply | https://mdn.io/spread_operator | |
| https://mdn.io/Structured_clone_algorithm | https://mdn.io/Number/isFinite | |
| https://mdn.io/Number/isInteger | http://ecma-international.org/ecma-262/7.0/#sec-tolength | |
| http://www.ecma-international.org/ecma-262/7.0/#sec-ecmascript-language-types | https://mdn.io/Number/isNaN |
Page 1 of 2
Raw Manifest
{ "name": "VratnePenize.cz Připomínáček", "icons": { "16": "16x16.png", "18": "18x18.png", "32": "32x32.png", "128": "128x128.png" }, "action": { "default_icon": "128x128.png", "default_title": "VratnePenize.cz Připomínáček" }, "author": "VratnePenize.cz", "version": "4.0.14", "background": { "service_worker": "bg/bundle.js" }, "options_ui": { "page": "options.html" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "VratnePenize.cz Připomínáček vás upozorní na cashback a slevové kupony přímo v obchodech.", "permissions": [ "tabs", "webNavigation", "webRequest", "storage", "unlimitedStorage", "cookies", "alarms" ], "homepage_url": "https://www.vratnepenize.cz/", "content_scripts": [ { "js": [ "vendors/bundle.js", "content/bundle.js" ], "run_at": "document_idle", "matches": [ "<all_urls>" ], "all_frames": false } ], "host_permissions": [ "https://www.vratnepenize.cz/", "https://portals.aliexpress.com/" ], "manifest_version": 3, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "content/*.css", "content/*.svg", "*.css", "*.png" ] } ] }
Secure Annex (beta)
Coming soon...