Outbrain Direct Response - Pixel Compliance Checker
Version 1.2.1 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension appears to be a legitimate business tool from Outbrain, a well-known content discovery platform. The specific purpose of checking pixel compliance aligns with Outbrain's advertising technology services. However, the extremely low user count (1,000 users) and minimal rating data (only 2 reviews) suggest limited adoption, which could indicate either a niche tool or newer release.
The primary concern is the broad content script injection across all HTTP and HTTPS websites. While the activeTab permission is appropriately scoped for a compliance checking tool, the universal content script access means this extension can execute code on every website you visit. For a pixel compliance checker, this level of access may be necessary but creates a significant attack surface if the extension were compromised or malicious.
The lack of detailed developer information and limited user feedback makes it difficult to fully assess the extension's legitimacy and security practices.
Given the low but notable risk, consider running this extension in a separate Chrome profile dedicated to advertising/marketing work. This isolates potential security issues from your primary browsing activities. Monitor the extension's behavior and disable it when not actively needed for compliance checking. Verify the extension's authenticity through Outbrain's official channels before installation, as the broad permissions could be exploited by malicious actors mimicking legitimate tools.
Findings
Security Analysis Details
Required Permissions:
- scripting
- activeTab
Embedded URLs (18 total):
| https://reactjs.org/docs/error-decoder.html?invariant= | http://www.w3.org/1999/xlink | |
| http://www.w3.org/XML/1998/namespace | http://www.w3.org/2000/svg | |
| http://www.w3.org/1998/Math/MathML | http://www.w3.org/1999/xhtml | |
| https://mui.com/production-error/?code= | https://unpkg.com/ | |
| https://cdn.jsdelivr.net/npm/ | http://www.w3.org/2000/svg%22 | |
| http://www.w3.org/2000/svg%22%3E%3Crect | https://www.outbrain.com/help/advertisers/onboarding-an-iab-compliant-cmp-for-advertisers/ | |
| https://intercom.help/outbrain_dsp/en/articles/10374672-onboarding-an-iab-compliant-cmp-for-advertisers | https://bugs.webkit.org/show_bug.cgi?id=68196 | |
| http://jedwatson.github.io/classnames | https://github.com/cssinjs/jss | |
| https://clients2.google.com/service/update2/crx | https://design.teads.com/style@3.16.3/tds.min.css |
Raw Manifest
{ "name": "Outbrain Direct Response - Pixel Compliance Checker", "icons": { "16": "odr_shape.png", "48": "odr_shape.png", "128": "odr_shape.png" }, "action": { "default_icon": { "16": "odr_shape.png", "24": "odr_shape.png", "32": "odr_shape.png" }, "default_popup": "popup.html", "default_title": "Outbrain Direct Response - Pixel Compliance Checker" }, "version": "1.2.1", "background": { "type": "module", "service_worker": "background.bundle.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "This extension helps you to check if the Outbrain Direct Response by Teads pixel is installed correctly on the page.", "permissions": [ "scripting", "activeTab" ], "content_scripts": [ { "js": [ "check-pixels.bundle.js" ], "run_at": "document_idle", "matches": [ "http://*/*", "https://*/*" ] } ], "manifest_version": 3, "web_accessible_resources": [ { "matches": [ "http://*/*", "https://*/*" ], "resources": [ "pixels-script.bundle.js", "consents-script.bundle.js" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.