CRX aminer
[ new scan ] [ statistics ] [ github ] [ twitter ]
Extension icon

MyAdPrice

Version 1.2.1 View in Chrome Web Store

Last scanned: about 18 hours ago

Extension Details

Developer: https://myadprice.github.io/
Rating: 3.7 ★ (3 ratings)
Users: 213

Context-Aware Verdict

CRITICAL
Risk Level
Trust Factors:

The extension has extremely limited trust indicators with only 213 users and a modest 3.7-star rating from just 3 reviews. The minimal user base and lack of established reputation raise significant concerns. The developer information is sparse, providing only a GitHub Pages URL without clear company credentials or contact details. The extension's purpose is unclear from the provided description, making it difficult to assess legitimate functionality.

Concerns:

The permission set is extraordinarily broad and dangerous for an extension with unclear functionality. The combination of webRequest and webRequestBlocking permissions with all_urls access creates a perfect storm for malicious activity. This setup allows the extension to intercept, modify, and block all web traffic across every website you visit. The activeTab and storage permissions, while individually moderate risk, compound the threat when combined with the network interception capabilities. The use of outdated Manifest V2 indicates the extension hasn't been updated to meet modern security standards.

Recommendations:

Do not install this extension under any circumstances given the critical risk level and unclear purpose. If you must evaluate it for research purposes, use a completely isolated Chrome profile with no personal data or accounts. Consider reporting this extension to Chrome Web Store for review due to the dangerous permission combination relative to its unclear functionality. Look for alternative extensions with clearer purposes, better ratings, larger user bases, and more restrictive permissions that align with their stated functionality.

Security Analysis

CRITICAL
Overall Risk
Based on 7 total findings, ranked without considering overall context, including 4 high-risk and 3 medium-risk findings.
HIGH
Dangerous Permission Combination: webRequest + webRequestBlocking
This extension can intercept, modify, and block web requests in real-time. This combination could be used to modify sensitive web traffic or steal data.
HIGH
High-Risk Permission: <all_urls>
This extension has the <all_urls> permission. Can access all websites and their content. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: webRequest
This extension has the webRequest permission. Can intercept and modify web requests. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: webRequestBlocking
This extension has the webRequestBlocking permission. Can block and modify web requests in real-time. This could potentially be used maliciously to compromise security or privacy.
MEDIUM
Medium-Risk Permission: activeTab
This extension has the activeTab permission. Can access the active tab when clicking the extension icon.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
MEDIUM
Older Manifest Version
This extension uses Manifest Version 2, which has fewer security restrictions than Manifest V3. Consider using extensions that have upgraded to V3.