BizflyCloud Callcenter 3
Version 3.0.2 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has a small user base of only 483 users and a high rating of 4.8, which suggests positive user experience among those who use it. However, the limited adoption raises questions about widespread testing and validation. The extension appears to be associated with BizflyCloud, a Vietnamese cloud service provider, and is designed for call center functionality. The lack of detailed developer information and missing last updated date reduces transparency.
The extension requests extremely broad permissions that far exceed what's typically needed for call center functionality. The combination of tabs permission, universal host permissions (http://*/* and https://*/*), and content script injection across all URLs creates a powerful surveillance capability. These permissions would allow the extension to monitor all browsing activity, access sensitive data on any website, and potentially intercept credentials or personal information. The offscreen permission adds another layer of background processing capability that could be misused.
Given the high-risk nature of this extension, install it only in a separate Chrome profile dedicated to call center work. Limit this profile's access to sensitive websites and personal accounts. Regularly audit the extension's behavior and consider network monitoring to detect any unexpected data transmission. Only install if absolutely necessary for business operations, and explore alternative call center solutions with more restrictive permissions. Contact BizflyCloud directly to verify the extension's legitimacy and understand why such broad permissions are required.
Findings
Security Analysis Details
Required Permissions:
- offscreen
- notifications
- storage
- contextMenus
- tabs
- activeTab
Host Permissions:
- https://*.bizflycloud.vn/
- http://*/*
- https://*/*
Embedded URLs (27 total):
| https://clients2.google.com/service/update2/crx | https://microfrontend.hn.ss.bfcplatform.vn/dependencies/webphone/2.0/media/ring.ogg | |
| https://microfrontend.hn.ss.bfcplatform.vn/dependencies/webphone/2.0/media/ringend.ogg | https://microfrontend.hn.ss.bfcplatform.vn/dependencies/webphone/2.0/media/ringback.wav | |
| https://microfrontend.hn.ss.bfcplatform.vn/dependencies/webphone/2.0/media/ringstart.ogg | https://fonts.googleapis.com/css?family=Roboto | |
| https://manage.bizflycloud.vn/api/call-center/extensions/auth | https://statistic-resource.hn.ss.bfcplatform.vn/bizflycloud-call-extension.png | |
| https://staging.bizflycloud.vn/api/call-center/ | https://manage.bizflycloud.vn | |
| https://github.com/getsentry/sentry-javascript | https://e34491c31e0142e5a6440710518b628d@sen.k8s.vn/77 | |
| https://jssip.net | https://github.com/jmillan | |
| https://inakibaz.me | https://github.com/versatica/JsSIP.git | |
| https://github.com/versatica/JsSIP/issues | https://github.com/uuidjs/uuid#getrandomvalues-not-supported | |
| https://github.com/zloirock/core-js/blob/v3.30.0/LICENSE | https://github.com/zloirock/core-js | |
| https://fonts.googleapis.com/css2?family=Roboto:wght@400 | http://www.w3.org/1999/xlink | |
| http://www.w3.org/2000/svg | http://www.w3.org/1998/Math/MathML | |
| https://staging.bizflycloud.vn | https://dev.bizflycloud.vn | |
| https://microfrontend.hn.ss.bfcplatform.vn/dependencies/webphone/2.0 |
Raw Manifest
{ "name": "BizflyCloud Callcenter 3", "icons": { "16": "icons/icon16.png", "32": "icons/icon32.png", "48": "icons/icon48.png", "128": "icons/icon128.png" }, "action": { "default_icon": { "16": "icons/icon16.png", "32": "icons/icon32.png", "48": "icons/icon48.png", "128": "icons/icon128.png" }, "default_popup": "popup/index.html", "default_title": "BizflyCloud Callcenter" }, "version": "3.0.2", "commands": { "_execute_action": { "suggested_key": { "mac": "MacCtrl+Q", "default": "Ctrl+Q" } } }, "background": { "type": "module", "service_worker": "background/js/sw.js" }, "short_name": "BizflyCloud Callcenter 3", "update_url": "https://clients2.google.com/service/update2/crx", "description": "BizflyCloud Callcenter is an WebRTC client which works using WebRTC & SIP protocol", "permissions": [ "offscreen", "notifications", "storage", "contextMenus", "tabs", "activeTab" ], "options_page": "auth/auth.html", "content_scripts": [ { "js": [ "background/js/click-to-call.js" ], "css": [ "background/css/bizflycloud-call.css" ], "run_at": "document_end", "matches": [ "<all_urls>" ] } ], "host_permissions": [ "https://*.bizflycloud.vn/", "http://*/*", "https://*/*" ], "manifest_version": 3 }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.