[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

ServiceNow Employee Center Browser Extension

Version 1.0.0 View in Chrome Web Store

Last scanned: about 2 hours ago

Extension Details

Rating: 3.5 ★

Users: 168

Context-Aware Verdict

CRITICAL

Overall Risk

Trust Factors:

The extension has very limited adoption with only 168 users and a moderate 3.5-star rating, which suggests either recent release or limited trust from users. The lack of clear developer information and company details raises additional concerns about accountability and transparency. ServiceNow is a legitimate enterprise software company, but without verified developer credentials, this could potentially be an impersonation attempt.

Concerns:

The extension requests extremely broad permissions that far exceed what would be necessary for a typical employee center browser extension. The combination of all_urls host permissions, content script injection across all websites, webRequest interception, and cookie access creates a perfect storm for data theft and privacy violations. These permissions would allow the extension to monitor all web traffic, steal login credentials, access sensitive corporate data, and track browsing behavior across every website visited. For an employee-focused tool, such extensive access is highly suspicious and unnecessary.

Recommendations:

Do not install this extension in your primary browser profile. If you must use it for work purposes, create a completely isolated Chrome profile dedicated solely to this extension and limit its use to only essential ServiceNow-related tasks. Verify with your IT department that this is an officially sanctioned extension before installation. Consider using ServiceNow's web interface directly instead of relying on this high-risk browser extension. Monitor your accounts for any suspicious activity if you've previously installed this extension.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: cookies

This extension has the cookies permission. Can access and modify browser cookies. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: webRequest

This extension has the webRequest permission. Can intercept and modify web requests. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: contextMenus

This extension has the contextMenus permission. Can add items to the context menu.

MEDIUM

Medium-Risk Permission: notifications

This extension has the notifications permission. Can show notifications.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Raw Manifest

{
  "name": "ServiceNow Employee Center Browser Extension",
  "icons": {
    "16": "assets/now16.png",
    "32": "assets/now32.png",
    "48": "assets/now48.png",
    "128": "assets/now128.png"
  },
  "action": {
    "default_title": "ServiceNow Employee Center Browser Extension"
  },
  "omnibox": {
    "keyword": "ec"
  },
  "storage": {
    "managed_schema": "extension-setup-config.json"
  },
  "version": "1.0.0",
  "commands": {
    "focus-extension": {
      "description": "Focus the extension",
      "suggested_key": {
        "default": "Ctrl+Shift+Y"
      }
    }
  },
  "background": {
    "type": "module",
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "ServiceNow Employee Center Browser Extension",
  "permissions": [
    "notifications",
    "tabs",
    "contextMenus",
    "cookies",
    "storage",
    "webRequest"
  ],
  "content_scripts": [
    {
      "js": [
        "content/pageListener.js"
      ],
      "css": [
        "css/floating-panel.css",
        "css/empty-state.css",
        "css/fonts.css"
      ],
      "run_at": "document_end",
      "matches": [
        "<all_urls>"
      ],
      "all_frames": true
    }
  ],
  "host_permissions": [
    "<all_urls>"
  ],
  "manifest_version": 3,
  "web_accessible_resources": [
    {
      "matches": [
        "<all_urls>"
      ],
      "resources": [
        "css/*.css",
        "html/*.html",
        "assets/*",
        "fonts/*"
      ]
    }
  ]
}

by ✦ Astarte

ServiceNow Employee Center Browser Extension

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (3 total):

Raw Manifest

Detections

Manifest Findings

http://www.w3.org/2000/svg	https://clients2.google.com/service/update2/crx
https://github.com/babel/babel/blob/main/packages/babel-helpers/LICENSE