Extension Details
Developer:
yescaptcha.com
Rating:
3.5 ★
(22 ratings)
Users:
100,000
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
HIGH
Overall Risk
Trust Factors: The extension has a moderate user base of 100,000 users, but the relatively low rating of 3.5 stars from only 22 reviews raises concerns about user satisfaction. The developer domain yescaptcha.com suggests this is a CAPTCHA-solving service, which is a legitimate use case but often operates in gray areas regarding website terms of service.
Concerns: The most significant concern is the broad host permissions allowing access to all websites, which is excessive for a CAPTCHA assistant. This creates potential for data harvesting, credential theft, or unauthorized tracking across all browsing activity. The content scripts running on all HTTP and HTTPS sites compound this risk. While storage and contextMenus permissions are reasonable for this type of extension, the combination with unrestricted web access creates a high-risk profile.
Recommendations: Consider running this extension in a separate Chrome profile dedicated to CAPTCHA-solving activities only. Regularly review the extension's behavior and consider alternatives with more limited permissions. Monitor your browsing data and be cautious about using this extension on sites containing sensitive information like banking or personal accounts. Given the broad permissions, this extension could potentially access and transmit any data from websites you visit, making it unsuitable for general browsing without proper isolation.
Findings
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
MEDIUM
Medium-Risk Permission: contextMenus
This extension has the contextMenus permission. Can add items to the context menu.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
Security Analysis Details
Required Permissions:
- storage
- contextMenus
- alarms
Host Permissions:
- <all_urls>
Embedded URLs (20 total):
| https://dev.yescaptcha.com | https://api.yescaptcha.com | |
| https://plugin-api.yescaptcha.com/ | https://mysignins.microsoft.com/security-info | |
| https://appleid.apple.com/widget/account/ | https://discord.com/ | |
| https://clients2.google.com/service/update2/crx | https://YesCaptcha.com | |
| https://github.com/mui/material-ui/issues/30011#issuecomment-1024993401 | https://mui.com/guides/classname-generator/ | |
| https://mui.com/production-error/?code= | https://reactjs.org/docs/error-decoder.html?invariant= | |
| http://www.w3.org/1999/xlink | http://www.w3.org/XML/1998/namespace | |
| http://www.w3.org/2000/svg | http://www.w3.org/1998/Math/MathML | |
| http://www.w3.org/1999/xhtml | https://yescaptcha.com/payment.html | |
| https://yescaptcha.com/i/ZbDpzw | https://yescaptcha.com/privacy |
Raw Manifest
{ "name": "__MSG_name__", "icons": { "128": "image/log.png" }, "action": { "default_icon": "image/log.png", "default_popup": "popup/index.html", "default_title": "__MSG_name__" }, "version": "1.3.4", "background": { "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_pluginDesc__", "permissions": [ "storage", "contextMenus", "alarms" ], "options_page": "option/index.html", "default_locale": "en", "content_scripts": [ { "js": [ "content/captcha_manager.js" ], "css": [ "content/index.css" ], "run_at": "document_end", "matches": [ "http://*/*", "https://*/*" ], "all_frames": true }, { "js": [ "content/context_responder.js" ], "run_at": "document_start", "matches": [ "http://*/*", "https://*/*" ], "all_frames": false } ], "host_permissions": [ "<all_urls>" ], "manifest_version": 3, "web_accessible_resources": [ { "matches": [ "http://*/*", "https://*/*" ], "resources": [ "content/injected.js", "content/workStatus.js", "content/recaptchaProtocol.js" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
Loading Secure Annex data...
Unable to load Secure Annex data.
This extension may not yet be analyzed by Secure Annex.
Detections
0Critical
0
High
0
Medium
0
Low
0
Has Verdicts
Yes
Manifest Findings
0Critical
0
High
0
Medium
0
Low
0
Secure Annex analyzed version: -