Extension Details
Rating:
4.2 ★
(167 ratings)
Size:
203KiB
Last Updated:
February 11, 2024
Users:
200,000
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
HIGH
Risk Level
Trust Factors:
- The extension has a relatively high number of users (200,000), which could indicate some level of trust and popularity.
- However, the lack of developer information or a reputable company behind the extension raises some concerns about transparency and accountability.
Concerns:
- The extension requests a concerning combination of permissions, including the ability to access all websites and their content (<all_urls>), intercept and modify web requests (webRequest, webRequestBlocking), and debug other extensions/apps (debugger).
- These permissions could potentially be abused to compromise user security and privacy, such as by modifying sensitive web traffic or stealing data.
- The use of an older manifest version (Manifest V2) also raises some security concerns, as it has fewer restrictions than the newer Manifest V3.
Recommendations:
- Exercise caution when using this extension, as it has a high risk level and could potentially compromise your security and privacy.
- If you must use this extension, consider running it in a separate Chrome profile or a sandboxed environment to isolate it from your main browsing activities.
- Look for alternative extensions that achieve similar functionality but with fewer permissions or from more reputable developers.
- Keep the extension updated to the latest version and monitor for any suspicious behavior or privacy concerns.
- Consider using additional security measures, such as a reputable antivirus software or a virtual private network (VPN), to enhance your overall online security.
Security Analysis
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
CRITICAL
Overall Risk
Based on 8 total findings, ranked without considering overall context, including 5 high-risk and 3 medium-risk findings.
HIGH
Dangerous Permission Combination: webRequest + webRequestBlocking
This extension can intercept, modify, and block web requests in real-time. This combination could be used to modify sensitive web traffic or steal data.
HIGH
High-Risk Permission: <all_urls>
This extension has the <all_urls> permission. Can access all websites and their content. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: debugger
This extension has the debugger permission. Can debug and manipulate other extensions/apps. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: webRequest
This extension has the webRequest permission. Can intercept and modify web requests. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: webRequestBlocking
This extension has the webRequestBlocking permission. Can block and modify web requests in real-time. This could potentially be used maliciously to compromise security or privacy.
MEDIUM
Medium-Risk Permission: contextMenus
This extension has the contextMenus permission. Can add items to the context menu.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
MEDIUM
Older Manifest Version
This extension uses Manifest Version 2, which has fewer security restrictions than Manifest V3. Consider using extensions that have upgraded to V3.
Security Analysis Details
Required Permissions:
- storage
- <all_urls>
- webRequest
- webRequestBlocking
- declarativeNetRequest
- contextMenus
- debugger
Embedded URLs (6 total):
| https://mail.google.com/mail/u/0/#inbox | https://drive.google.com/drive/my-drive | |
| https://clients2.google.com/service/update2/crx | https://webextension.org/listing/access-control.html | |
| https://webbrowsertools.com/test-cors/ | https://www.youtube.com/watch?v=8berLeTjKDM |
Raw Manifest
{ "name": "CORS Unblock", "icons": { "16": "/data/icons/16.png", "32": "/data/icons/32.png", "48": "/data/icons/48.png", "64": "/data/icons/64.png", "128": "/data/icons/128.png", "256": "/data/icons/256.png", "512": "/data/icons/512.png" }, "version": "0.3.8", "background": { "scripts": [ "worker.js", "context.js", "v2.js" ] }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_description__", "permissions": [ "storage", "<all_urls>", "webRequest", "webRequestBlocking", "declarativeNetRequest", "contextMenus", "debugger" ], "homepage_url": "https://webextension.org/listing/access-control.html", "browser_action": {}, "default_locale": "en", "manifest_version": 2, "declarative_net_request": { "rule_resources": [ { "id": "x-frame", "path": "rulesets/x-frame.json", "enabled": false }, { "id": "overwrite-origin", "path": "rulesets/overwrite-origin.json", "enabled": false }, { "id": "allow-credentials", "path": "rulesets/allow-credentials.json", "enabled": false }, { "id": "allow-headers", "path": "rulesets/allow-headers.json", "enabled": false }, { "id": "referer", "path": "rulesets/referer.json", "enabled": false }, { "id": "csp", "path": "rulesets/csp.json", "enabled": false }, { "id": "allow-shared-array-buffer", "path": "rulesets/allow-shared-array-buffer.json", "enabled": false } ] } }
Secure Annex (beta)
Coming soon...