Chessvision.ai Chess Position Scanner
Version 3.8.1 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has strong trust indicators with 100,000 users and a high 4.6-star rating from 734 reviews, suggesting genuine user satisfaction. The specific chess-focused functionality aligns well with its name and description. The developer appears to be an individual (Paweł Kacprzak) rather than a large company, which is common for specialized tools.
The primary concern is the broad host permissions (*://app.chessvision.ai/*), though this appears to be limited to the developer's own domain rather than all websites. The activeTab permission allows access to whatever page you're viewing when you click the extension, which could potentially access sensitive information on any website. The storage permission, while necessary for the extension's functionality, means it can store data locally on your device.
The security analysis flagged these permissions as potentially risky, but given the chess-specific nature of the extension, these permissions seem reasonably justified for scanning chess positions on various chess websites.
Consider using this extension in a separate Chrome profile if you frequently visit sensitive websites while playing chess online. Only activate the extension when you specifically need to scan chess positions. Review what data the extension stores locally through Chrome's extension settings. The extension appears legitimate for its intended purpose, but exercise normal caution when granting permissions to any browser extension.
Findings
Security Analysis Details
Required Permissions:
- activeTab
- storage
- scripting
Host Permissions:
- *://app.chessvision.ai/*
Content Security Policy:
- extension_pages: script-src 'self'; object-src 'self'
Embedded URLs (65 total):
| https://reactjs.org/docs/error-decoder.html?invariant= | http://www.w3.org/1999/xlink | |
| http://www.w3.org/XML/1998/namespace | http://www.w3.org/1999/xhtml | |
| http://www.w3.org/1998/Math/MathML | http://www.w3.org/2000/svg | |
| https://mui.com/production-error/?code= | http://jedwatson.github.io/classnames | |
| https://github.com/cssinjs/jss | http://fb.me/use-check-prop-types | |
| https://reactjs.org/link/react-polyfills | https://github.com/facebook/regenerator/blob/main/LICENSE | |
| http://app.chessvision.ai | https://chessvision-video-search.appspot.com | |
| https://www.chess.com/callback/daily/game/ | https://www.chess.com/callback/live/game/ | |
| https://my.chessvision.ai/chrome-extension/auth | https://my.chessvision.ai/chrome-extension/upgrade | |
| https://my.chessvision.ai/library | https://my.chessvision.ai | |
| https://chessvision.ai/ | https://ebook.chessvision.ai | |
| https://lichess.org/analysis/ | https://chessvision-extension-board.web.app/analysis/ | |
| https://app.chessvision.ai/chessable_courses_redirect?fen= | https://twitter.com | |
| https://x.com | https://lichess.org/analysis | |
| https://lichess.org/study | https://lichess.org/ | |
| https://www.chess.com/analysis | https://www.chess.com/explorer | |
| https://www.chess.com/classroom | https://i.ytimg.com/ | |
| https://www.youtube.com | https://www.youtube-nocookie.com | |
| https://www.google.com | https://static.doubleclick.net | |
| https://googleads.g.doubleclick.net | https://my.chessvision.ai/watch/ | |
| https://www.youtube.com/watch?v= | https://youtube.com/channel/ | |
| https://chessvision.ai | https://www.chessable.com | |
| https://www.chess.com/analysis?fen= | http://polymer.github.io/LICENSE.txt | |
| http://polymer.github.io/AUTHORS.txt | http://polymer.github.io/CONTRIBUTORS.txt | |
| http://polymer.github.io/PATENTS.txt | https://chrome.google.com/webstore/detail/johejpedmdkeiffkdaodgoipdjodhlld/reviews | |
| https://chessvision.ai/docs/browser-extension/faq#what-to-do-if-i-see-an-empty-analysis-board | https://fonts.googleapis.com/css?family=Roboto:300 | |
| http://www.apache.org/licenses/LICENSE-2.0 | https://www.chess.com/ | |
| https://www.youtube.com/ | https://twitter.com/ | |
| https://x.com/ | https://chessvision.ai/docs/browser-extension/tutorial | |
| https://chessvision.ai/docs/browser-extension/faq | https://twitter.com/ChessvisionAI | |
| https://discord.gg/zkcBPhWhme | https://lichess.org/team/chessvisionai-team | |
| https://apps.apple.com/us/app/id1574933453 | https://play.google.com/store/apps/details?id=ai.chessvision.scanner | |
| https://clients2.google.com/service/update2/crx |
Raw Manifest
{ "name": "Chessvision.ai Chess Position Scanner", "icons": { "128": "icon-128.png" }, "action": { "default_icon": "icon-128.png", "default_popup": "popup.html", "default_title": "Chessvision.ai Scan" }, "author": "Pawel Kacprzak", "version": "3.8.1", "background": { "service_worker": "background.bundle.js" }, "short_name": "Chessvision", "update_url": "https://clients2.google.com/service/update2/crx", "description": "Analyze chess positions from any website, book, and video in Chrome", "permissions": [ "activeTab", "storage", "scripting" ], "options_page": "options.html", "host_permissions": [ "*://app.chessvision.ai/*" ], "manifest_version": 3, "externally_connectable": { "matches": [ "https://*.chessvision.ai/*" ] }, "content_security_policy": { "extension_pages": "script-src 'self'; object-src 'self'" }, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "content.styles.css", "icon-128.png", "logo_sign.png", "bK.svg", "wK.svg", "fen_observers/*", "placeholders/*", "checkerboard.svg", "chessable.svg", "videos.svg" ] } ], "optional_host_permissions": [ "*://www.chess.com/*", "*://www.youtube.com/*", "*://lichess.org/*", "*://twitter.com/*", "*://x.com/*" ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.