CRXaminer

Bottomline PTX eSigner

Version 2.0.0.1

Last scanned: about 5 hours ago

Extension Details

Rating: 3.0 ★ (2 ratings)

Context-Aware Verdict

Overall Risk: HIGH

Trust Factors:

The extension appears to be from Bottomline Technologies, a legitimate financial technology company that provides payment and banking solutions. However, the extremely low user base and minimal rating data (only 2 reviews with 3.0 stars) suggest limited adoption and testing. The lack of detailed developer information and recent update history raises additional concerns about maintenance and support.

Concerns:

The extension's permissions are disproportionately broad for what appears to be a digital signing tool. The combination of universal host permissions (*://*/*) and content script injection across all websites is excessive for an eSigning application, which should typically only need access to specific banking or payment platforms. The native messaging permission suggests communication with local system components, which, combined with broad web access, creates a significant attack surface. These permissions would allow the extension to monitor all browsing activity, access sensitive data on any website, and potentially exfiltrate information through native messaging channels.

Recommendations:

Given the high-risk permissions and limited user validation, consider running this extension in a separate Chrome profile dedicated solely to Bottomline PTX activities. Only install it if absolutely required for business operations, and ensure it is the official version from Bottomline Technologies. Monitor the extension's behavior closely and disable it when not actively needed for eSigning tasks. Contact Bottomline support to verify the extension's legitimacy and the necessity of its broad permissions.

Findings

HIGH: Broad Content Script Injection
This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

HIGH: Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.