Vonage® Integration Suite
Version 2025.917.1612.1 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension is published by Vonage, a legitimate telecommunications company, which provides some credibility. However, the trust is significantly undermined by the extremely low rating of 2.2 out of 5 stars from only 19 reviews, suggesting poor user experience or functionality issues. With 30,000 users, it has moderate adoption but the negative feedback is concerning.
The extension requests extensive permissions that appear excessive for a business communication tool. The tabs permission combined with broad host permissions creates significant privacy risks, allowing access to sensitive information across multiple platforms including Salesforce, Google services, LinkedIn, and Microsoft Dynamics. The content scripts run on all HTTP/HTTPS sites, creating potential for data interception. The contextMenus permission adds another attack vector for malicious activity.
The scope of accessible domains is unusually broad for an integration suite, including development and staging environments that could expose internal systems. The combination of storage permissions with broad site access creates opportunities for data harvesting.
Given the high risk level, install this extension only in a separate Chrome profile dedicated to Vonage-related work. Regularly audit what data the extension accesses and consider whether all the integrated platforms are necessary for your use case. Monitor for any suspicious network activity and consider alternative solutions with more limited permissions if available.
Findings
Security Analysis Details
Required Permissions:
- background
- contextMenus
- storage
- tabs
- notifications
- alarms
Host Permissions:
- https://extensions.gunify.vonage.com/*
Embedded URLs (61 total):
| https://clients2.google.com/service/update2/crx | https://enterprise.vonage.com/what-we-do/crm-integrations | |
| http://sugar.upcurvecloud.com/ | https://sugar.upcurvecloud.com/ | |
| https://apps.gunify-dev.vocal-dev.com/ | https://apps.gunify-qa.vonage.com/ | |
| https://apps.gunify-qa.vocal-qa.com/ | https://apps.gunify-qa7.vonage.com/ | |
| https://apps.gunify-qa7.vocal-qa.com/ | https://apps.gunify-staging.vonage.com/ | |
| https://apps.gunify-staging.vocal-qa.com/ | https://apps.gunify.vonage.com/ | |
| https://extensions.gunify-dev.vocal-dev.com/ | https://extensions.gunify-qa.vocal-qa.com/ | |
| https://extensions.gunify-qa7.vocal-qa.com/ | https://extensions.gunify-staging.vocal-qa.com/ | |
| https://extensions.gunify.vonage.com/ | https://integrate.vonage.com/ | |
| http://www.w3.org/1999/html | https://extensions.gunify-dev.vocal-dev.com/extensions | |
| https://extensions.gunify-qa.vocal-qa.com/extensions | https://extensions.gunify-qa7.vocal-qa.com/extensions | |
| https://extensions.gunify-staging.vocal-qa.com/extensions | https://extensions.gunify.vonage.com/extensions | |
| http://hamster-extern1.gnfyva0.dev.vonagenetworks.net:8010/extensions | http://hamster-extern2.gnfyva0.dev.vonagenetworks.net:8010/extensions | |
| https://extensions.gunify-dev.vocal-dev.com/sc/web | https://extensions.gunify-qa.vocal-qa.com/sc/web | |
| https://extensions.gunify-qa7.vocal-qa.com/sc/web | https://extensions.gunify-staging.vocal-qa.com/sc/web | |
| https://extensions.gunify.vonage.com/sc/web | https://nam.cc.vonage.com/CallCentre/portal/agentworkspace | |
| https://emea.cc.vonage.com/CallCentre/portal/agentworkspace | https://apac.cc.vonage.com/CallCentre/portal/agentworkspace | |
| https://itg-test-ric.nvminternal.net/CallCentre/portal/agentworkspace | https://apps.gunify-dev.vocal-dev.com | |
| https://apps.gunify-qa.vocal-qa.com | https://apps.gunify-qa7.vocal-qa.com | |
| https://apps.gunify-staging.vocal-qa.com | https://apps.gunify.vonage.com | |
| http://hamster-extern1.gnfyva0.dev.vonagenetworks.net:8010 | http://hamster-extern2.gnfyva0.dev.vonagenetworks.net:8010 | |
| https://apps.gunify-qa7.vocal-qa.com/sc/web | https://apps.gunify-staging.vocal-qa.com/sc/web | |
| https://apps.gunify.vonage.com/sc/web | https://pusher.com/ | |
| http://js.pusher.com | https://js.pusher.com | |
| https://pusher.com | https://github.com/pusher/pusher-js/tree/cc491015371a4bde5743d1c87a0fbac0feb53195#encrypted-channel-support | |
| https://extensions.gunify.vonage.com | https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.provide. | |
| http://www.apache.org/licenses/LICENSE-2.0 | https://chrome.google.com/webstore/detail/ldionhpnclplifljglbnheejfmfhpaag | |
| https://confluence.vonage.com/pages/viewpage.action?pageId=410750082 | http://tweetnacl.cr.yp.to/ | |
| https://github.com/floodyberry/poly1305-donna | http://browserhacks.com/#hack-e71d8692f65334173fee715c222cb805 | |
| https://github.com/webpack-contrib/style-loader/issues/177 | http://www.opensource.org/licenses/mit-license.php | |
| https://integrate.vonage.com |
Raw Manifest
{ "name": "Vonage® Integration Suite", "icons": { "19": "images/32.png", "20": "images/48.png", "38": "images/64.png", "48": "images/64.png", "128": "images/128.png" }, "action": { "default_icon": { "24": "images/24.png", "32": "images/32.png" }, "default_popup": "popup.html", "default_title": "__MSG_default_title__" }, "omnibox": { "keyword": "-v" }, "version": "2025.917.1612.1", "background": { "service_worker": "sc_background_sw.js" }, "options_ui": { "page": "options_ui.html" }, "short_name": "Vonage", "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_description__", "permissions": [ "background", "contextMenus", "storage", "tabs", "notifications", "alarms" ], "homepage_url": "https://enterprise.vonage.com/what-we-do/crm-integrations", "default_locale": "en", "content_scripts": [ { "js": [ "sc_content.js" ], "css": [ "content.css" ], "run_at": "document_end", "matches": [ "http://*/*", "https://*/*" ], "all_frames": true }, { "js": [ "sc_content_salesforce.js" ], "run_at": "document_end", "matches": [ "http://*.salesforce.com/*", "https://*.salesforce.com/*", "http://*.cloudforce.com/*", "https://*.cloudforce.com/*", "http://*.force.com/*", "https://*.force.com/*" ], "all_frames": true }, { "js": [ "sc_content_google.js" ], "run_at": "document_end", "matches": [ "http://*.google.com/*", "https://*.google.com/*" ], "all_frames": true }, { "js": [ "sc_content_sugarcrm.js" ], "run_at": "document_end", "matches": [ "http://*.sugarcrm.com/*", "https://*.sugarcrm.com/*", "http://*.sugarondemand.com/*", "https://*.sugarondemand.com/*", "http://sugar.upcurvecloud.com/*", "https://sugar.upcurvecloud.com/*", "http://*.sugar.upcurvecloud.com/*", "https://*.sugar.upcurvecloud.com/*" ], "all_frames": true }, { "js": [ "sc_content_dynamics.js" ], "run_at": "document_end", "matches": [ "https://*.crm.dynamics.com/*" ], "all_frames": true }, { "js": [ "sc_content_linkedin.js" ], "run_at": "document_end", "matches": [ "https://*.linkedin.com/*" ], "all_frames": true }, { "js": [ "sc_msg_bridge.js" ], "run_at": "document_start", "matches": [ "http://localhost:4200/*", "https://apps.gunify-dev.vocal-dev.com/*", "https://apps.gunify-qa.vonage.com/*", "https://apps.gunify-qa.vocal-qa.com/*", "https://apps.gunify-qa7.vonage.com/*", "https://apps.gunify-qa7.vocal-qa.com/*", "https://apps.gunify-staging.vonage.com/*", "https://apps.gunify-staging.vocal-qa.com/*", "https://apps.gunify.vonage.com/*", "https://extensions.gunify-dev.vocal-dev.com/*", "https://extensions.gunify-qa.vocal-qa.com/*", "https://extensions.gunify-qa7.vocal-qa.com/*", "https://extensions.gunify-staging.vocal-qa.com/*", "https://extensions.gunify.vonage.com/*", "https://integrate.vonage.com/*" ] } ], "host_permissions": [ "https://extensions.gunify.vonage.com/*" ], "manifest_version": 3 }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.