CRXaminer

[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Last scanned: about 8 hours ago

Extension Details

Context-Aware Verdict

CRITICAL

Overall Risk

Trust Factors:

The extension lacks basic identifying information including name, description, author details, user count, and ratings, which are fundamental trust indicators. Without this information, it's impossible to verify the developer's legitimacy or assess community acceptance. The absence of these details is itself a significant red flag.

Concerns:

The extension exhibits extremely dangerous permission patterns. The combination of broad host permissions (*://*/*) with content script injection capabilities across all websites creates a perfect storm for malicious activity. This setup allows the extension to access, modify, and steal data from every website you visit, including banking sites, email accounts, and social media platforms. The storage and notifications permissions, while individually moderate risk, become concerning when combined with such broad access capabilities. The extension could silently collect your browsing data, credentials, and personal information while using notifications to appear legitimate.

Recommendations:

Do not install this extension under any circumstances. The missing identification information combined with maximum-privilege permissions suggests this could be malware or a data harvesting tool. If you've already installed it, remove it immediately and consider changing passwords for sensitive accounts. If you absolutely must test unknown extensions, use a completely separate Chrome profile with no saved passwords or personal data, and monitor network activity closely.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

MEDIUM

Medium-Risk Permission: notifications

This extension has the notifications permission. Can show notifications.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Raw Manifest

{
  "name": "__MSG_appName__",
  "icons": {
    "64": "image/icon64.png",
    "128": "image/icon128.png"
  },
  "action": {
    "default_icon": {
      "64": "image/icon64.png",
      "128": "image/icon128.png"
    },
    "default_popup": "popup.html"
  },
  "author": "sarike@timefly.cn",
  "version": "1.1.1",
  "background": {
    "service_worker": "service_worker.js"
  },
  "short_name": "Auto Refresh",
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "__MSG_appDesc__",
  "permissions": [
    "storage",
    "browsingData",
    "notifications"
  ],
  "homepage_url": "https://www.timefly.cn/free-auto-refresh",
  "options_page": "options.html",
  "default_locale": "en",
  "content_scripts": [
    {
      "js": [
        "content.js"
      ],
      "css": [
        "css/style.css"
      ],
      "run_at": "document_start",
      "matches": [
        "*://*/*"
      ]
    }
  ],
  "host_permissions": [
    "*://*/*"
  ],
  "manifest_version": 3
}

by ✦ Astarte

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (3 total):

Raw Manifest

Detections

Manifest Findings

https://clients2.google.com/service/update2/crx	https://www.timefly.cn/free-auto-refresh
https://www.paypal.me/sarike/5