Extension Details
Rating:
4.1 ★
(175 ratings)
Users:
200,000
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
HIGH
Overall Risk
Trust Factors: The extension has a substantial user base of 200,000 users and a decent rating of 4.1 stars, suggesting legitimate functionality. However, the lack of clear author information and developer details raises transparency concerns. CORS unblocking is a legitimate development need, which explains the user adoption.
Concerns: The extension's permission set is extremely powerful and concerning for its stated purpose. The debugger permission is particularly alarming as it allows deep system access to manipulate other extensions and browser processes - far beyond what's needed for CORS modification. The broad host permissions across all URLs create extensive data access capabilities. The declarativeNetRequest permission, while appropriate for CORS functionality, combined with the other permissions creates a potent surveillance and manipulation toolkit. The storage permission, though lower risk, adds to the overall capability for data collection.
Recommendations: This extension should only be used if absolutely necessary for development work. Run it in a completely separate Chrome profile isolated from personal browsing and sensitive accounts. Disable the extension immediately after use rather than leaving it active. Consider alternative CORS solutions like browser flags for development or proper server-side CORS configuration. Monitor network activity when the extension is active. The debugger permission especially makes this extension unsuitable for general users or production environments.
Findings
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
HIGH
High-Risk Permission: debugger
This extension has the debugger permission. Can debug and manipulate other extensions/apps. This could potentially be used maliciously to compromise security or privacy.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
Security Analysis Details
Required Permissions:
- storage
- declarativeNetRequest
- debugger
Host Permissions:
- <all_urls>
Embedded URLs (3 total):
| https://clients2.google.com/service/update2/crx | https://webextension.org/listing/access-control.html | |
| https://webbrowsertools.com/test-cors/ |
Raw Manifest
{ "name": "CORS Unblock", "icons": { "16": "/data/icons/disabled/16.png", "32": "/data/icons/disabled/32.png", "48": "/data/icons/disabled/48.png", "64": "/data/icons/disabled/64.png", "128": "/data/icons/disabled/128.png", "256": "/data/icons/disabled/256.png", "512": "/data/icons/disabled/512.png" }, "action": {}, "version": "0.5.2", "background": { "service_worker": "worker.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_description__", "permissions": [ "storage", "declarativeNetRequest", "debugger" ], "homepage_url": "https://webextension.org/listing/access-control.html", "default_locale": "en", "host_permissions": [ "<all_urls>" ], "manifest_version": 3 }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
Loading Secure Annex data...
Unable to load Secure Annex data.
This extension may not yet be analyzed by Secure Annex.
Detections
0Critical
0
High
0
Medium
0
Low
0
Has Verdicts
Yes
Manifest Findings
0Critical
0
High
0
Medium
0
Low
0
Secure Annex analyzed version: -