The extension appears to be designed for Caixa Econômica Federal, a major Brazilian government bank, based on the domain permissions. However, critical trust indicators are missing - there's no extension name, author information, user count, or ratings provided, making it impossible to verify legitimacy or assess community trust.
The extension requests native messaging capabilities, which allows communication with programs installed on your computer - a powerful permission that could be exploited. The unlimited storage permission combined with regular storage access means it can accumulate vast amounts of data on your device. The extension targets specific banking domains (caixa.gov.br and related subdomains) plus localhost, which could indicate legitimate banking integration but also presents risks if the extension is malicious. The use of Manifest V2 provides fewer security protections compared to the newer V3 standard.
Only install this extension if you're certain it's the official Caixa banking extension and you actively use their online banking services. Verify the extension's authenticity through official Caixa channels before installation. Consider running it in a separate Chrome profile dedicated to banking activities to isolate potential risks. Monitor your system for unusual behavior after installation, particularly any unexpected native application launches or excessive data storage usage.
| https://clients2.google.com/service/update2/crx | http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd | |
| http://www.w3.org/1999/xhtml |
{ "name": "Kriptonita Assinatura Digital", "icons": { "16": "sign-16.png", "48": "sign-48.png", "128": "sign-128.png" }, "author": "yorick.flannagan@gmail.com", "version": "1.1.15", "background": { "scripts": [ "bundle.js" ], "persistent": false }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Fornece serviços de assinatura digital no padrão da ICP-Brasil", "permissions": [ "nativeMessaging", "storage", "unlimitedStorage", "http://localhost/*", "http://*.corerj.caixa/*", "https://*.corerj.caixa/*", "http://*.nprd2.caixa/*", "https://*.nprd2.caixa/*", "http://*.caixa.gov.br/*", "https://*.caixa.gov.br/*" ], "content_scripts": [ { "js": [ "contents.js" ], "run_at": "document_end", "matches": [ "http://localhost/*", "http://*.corerj.caixa/*", "https://*.corerj.caixa/*", "http://*.nprd2.caixa/*", "https://*.nprd2.caixa/*", "http://*.caixa.gov.br/*", "https://*.caixa.gov.br/*" ] } ], "manifest_version": 2, "externally_connectable": { "matches": [ "http://localhost/*", "http://*.corerj.caixa/*", "https://*.corerj.caixa/*", "http://*.nprd2.caixa/*", "https://*.nprd2.caixa/*", "http://*.caixa.gov.br/*", "https://*.caixa.gov.br/*" ] }, "web_accessible_resources": [ "global.js" ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.