[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Mono Audio

Version 1.4 View in Chrome Web Store

Last scanned: about 16 hours ago

Extension Details

Rating: 5.0 ★ (6 ratings)

Users: 759

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has a perfect 5.0 rating but only 6 reviews, which is insufficient to establish reliability. With only 759 users, it lacks widespread adoption that would indicate community trust. The absence of author and developer information raises significant transparency concerns, making it impossible to verify the creator's reputation or contact them for support.

Concerns:

The extension's permissions are severely excessive for a simple mono audio converter. The combination of broad host permissions (<all_urls>) and content script injection capabilities creates a dangerous attack surface that could be exploited for data theft, credential harvesting, or malicious website modifications. The tabs permission allows manipulation of browser tabs, which is unnecessary for audio processing. The storage permission, while less concerning, could be used to persist stolen data. Most critically, there's no legitimate reason why an audio utility would need to access and modify content on every website you visit.

Recommendations:

Given the high risk profile, avoid installing this extension entirely. If mono audio functionality is essential, seek alternatives from established developers with transparent contact information and appropriate permissions. If you must use this extension, run it in a completely isolated Chrome profile with no access to sensitive accounts or data. Consider using browser-level accessibility features or operating system audio settings as safer alternatives for mono audio conversion.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Raw Manifest

{
  "name": "Mono Audio",
  "icons": {
    "512": "icons/stereo_512.png"
  },
  "action": {
    "default_icon": {
      "512": "icons/stereo_512.png"
    },
    "default_title": "Mono Audio"
  },
  "version": "1.4",
  "background": {
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Changes the audio output to Mono.",
  "permissions": [
    "activeTab",
    "scripting",
    "storage",
    "tabs"
  ],
  "content_scripts": [
    {
      "js": [
        "content_script.js"
      ],
      "run_at": "document_idle",
      "matches": [
        "<all_urls>"
      ],
      "all_frames": true
    }
  ],
  "host_permissions": [
    "<all_urls>"
  ],
  "manifest_version": 3
}

by ✦ Astarte

Mono Audio

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (1 total):

Raw Manifest

Detections

Manifest Findings