TikTok Enhancer - Editing News & Re:TikTok
Version 2.0.3 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has a moderate user base of 20,000 users and a decent rating of 4.1 stars, which provides some community validation. However, the developer "editingnews.com" lacks clear company information or established reputation in the extension ecosystem. The connection between a news editing website and TikTok enhancement functionality raises questions about the developer's primary focus and expertise.
The extension exhibits several red flags that justify the critical risk assessment. The combination of tabs, downloads, and cookies permissions creates a powerful surveillance and data extraction capability that far exceeds what's necessary for typical TikTok enhancement features. The broad host permissions extending beyond TikTok domains to include localhost and the developer's own domains suggest potential data exfiltration pathways. Most concerning is the unsafe WebAssembly execution policy, which could hide malicious code and perform resource-intensive operations without detection. The permissions profile resembles that of data harvesting tools rather than simple enhancement utilities.
Given the critical risk level, avoid installing this extension entirely. If TikTok enhancement features are essential, seek alternatives from established developers with transparent privacy policies and minimal permissions. If you must use this extension, run it in a completely isolated Chrome profile with no access to personal accounts, sensitive data, or other extensions. Monitor network activity and regularly clear cookies and stored data.
Findings
Security Analysis Details
Required Permissions:
- storage
- tabs
- scripting
- activeTab
- downloads
- cookies
- alarms
Host Permissions:
- *://tiktok.com/*
- *://*.tiktok.com/*
- *://tiktokcdn.com/*
- *://*.tiktokcdn.com/*
- *://byteoversea.com/*
- *://*.byteoversea.com/*
- http://localhost:5035/*
- https://v2.editingnews.com/*
- *://*.editingnews.com/*
Content Security Policy:
- extension_pages: script-src 'self' 'wasm-unsafe-eval'; object-src 'self'
Embedded URLs (25 total):
| http://www.w3.org/2000/svg | http://www.w3.org/1999/xlink | |
| https://v2.editingnews.com | https://t.me/ | |
| https://www.tiktok.com/profile | https://www.tiktok.com/api/repost/item_list/? | |
| https://www.tiktok.com/@ | https://www.tiktok.com/tiktok/v1/upvote/delete? | |
| https://fonts.googleapis.com/css2?family=Manrope:wght@400 | https://react.dev/errors/ | |
| http://www.w3.org/1998/Math/MathML | http://www.w3.org/XML/1998/namespace | |
| https://t.me/editing_news | https://t.me/lexuof | |
| https://editingnews.com/vpn | https://t.me/retiktok_bot | |
| https://t.me/editingnews_bot | https://t.me/manager_en | |
| https://www.tiktok.com | https://fonts.googleapis.com/css2?family=IBM+Plex+Mono:wght@500 | |
| https://unpkg.com/@ffmpeg/core@0.12.9/dist/umd/ffmpeg-core.js | https://unpkg.com/@ffmpeg/core@ | |
| https://emscripten.org/docs/compiling/Dynamic-Linking.html | https://clients2.google.com/service/update2/crx | |
| https://v2.editingnews.com/ |
Raw Manifest
{ "name": "TikTok Enhancer - Editing News & Re:TikTok", "icons": { "16": "src/icons/icon16.png", "32": "src/icons/icon32.png", "48": "src/icons/icon48.png", "128": "src/icons/icon128.png" }, "action": { "default_icon": { "128": "src/icons/icon128.png" }, "default_popup": "src/popup/index.html", "default_title": "TikTok Enhancer" }, "version": "2.0.3", "background": { "type": "module", "service_worker": "service-worker-loader.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Professional TikTok Tools", "permissions": [ "storage", "tabs", "scripting", "activeTab", "downloads", "cookies", "alarms" ], "content_scripts": [ { "js": [ "assets/index.ts-loader-DU1vRNSi.js" ], "run_at": "document_start", "matches": [ "*://tiktok.com/*", "*://*.tiktok.com/*" ] } ], "host_permissions": [ "*://tiktok.com/*", "*://*.tiktok.com/*", "*://tiktokcdn.com/*", "*://*.tiktokcdn.com/*", "*://byteoversea.com/*", "*://*.byteoversea.com/*", "http://localhost:5035/*", "https://v2.editingnews.com/*", "*://*.editingnews.com/*" ], "manifest_version": 3, "content_security_policy": { "extension_pages": "script-src 'self' 'wasm-unsafe-eval'; object-src 'self'" }, "web_accessible_resources": [ { "matches": [ "*://*.tiktok.com/*", "*://tiktok.com/*" ], "resources": [ "public/icons/*", "assets/config-DQrDmjdS.js", "assets/index.ts-D48bzi0G.js" ], "use_dynamic_url": false } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.