Extension Details
Context-Aware Verdict
The extension has several concerning trust indicators. With only 10,000 users and a poor 2.5-star rating from just 22 reviews, it shows limited adoption and user satisfaction. The lack of developer information and company details raises transparency concerns. The generic name "Shop Blue Assistant" provides little clarity about its actual purpose or functionality.
The extension requests an excessive combination of high-risk permissions that far exceed what a typical shopping assistant would need. The ability to access all websites, intercept web requests, and manipulate cookies creates significant privacy and security vulnerabilities. The broad content script injection capability means it can read sensitive information like passwords, credit card details, and personal data from any website you visit. The webRequest permission allows it to potentially redirect traffic or inject malicious content into legitimate websites.
Do not install this extension due to its critical risk level. If you must use it for essential business purposes, create a completely separate Chrome profile with no saved passwords, payment information, or access to sensitive websites. Consider using alternative shopping assistants from reputable developers with better ratings and more transparent permission models. The combination of broad permissions, poor ratings, and lack of developer transparency suggests this extension poses significant security risks that outweigh any potential benefits.
Findings
Security Analysis Details
Required Permissions:
- tabs
- cookies
- storage
- webRequest
Host Permissions:
- <all_urls>
Embedded URLs (20 total):
| https://www.google-analytics.com/mp/collect?measurement_id=G-CWLBQJLYC4&api_secret=JEPGbYLqTSi44zYPsoFwmA | https://earnmore.bluerewards.ca/ | |
| https://earnmore.bluerewards.ca/api | http://momentjs.com/guides/#/warnings/define-locale/ | |
| http://momentjs.com/guides/#/warnings/js-date/ | http://momentjs.com/guides/#/warnings/min-max/ | |
| http://momentjs.com/guides/#/warnings/add-inverted-param/ | http://momentjs.com/guides/#/warnings/zone/ | |
| http://momentjs.com/guides/#/warnings/dst-shifted/ | https://reactjs.org/docs/error-decoder.html?invariant= | |
| http://www.w3.org/1999/xlink | http://www.w3.org/XML/1998/namespace | |
| http://www.w3.org/2000/svg | http://www.w3.org/1998/Math/MathML | |
| http://www.w3.org/1999/xhtml | https://github.com/styled-components/styled-components/blob/main/packages/styled-components/src/utils/errors.md# | |
| https://clients2.google.com/service/update2/crx | https://earnmore.bluerewards.ca | |
| http://www.apache.org/licenses/LICENSE-2.0 | https://github.com/ankeetmaini/react-infinite-scroll-component/issues/59 |
Raw Manifest
{ "name": "__MSG_appName_prod__", "icons": { "128": "icons/br_icon_active_128x128.png" }, "action": { "default_icon": "icons/br_icon_active_128x128.png", "default_popup": "src/pages/popup/index.html" }, "version": "4.0.1", "background": { "type": "module", "service_worker": "src/pages/background/index.js" }, "short_name": "shop_blue", "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_appDesc__", "permissions": [ "tabs", "cookies", "storage", "webRequest" ], "default_locale": "en", "content_scripts": [ { "js": [ "src/pages/content/index.js" ], "matches": [ "http://*/*", "https://*/*", "<all_urls>" ] } ], "host_permissions": [ "<all_urls>" ], "manifest_version": 3, "externally_connectable": { "matches": [ "https://*.earnmore.bluerewards.ca/*", "https://earnmore.bluerewards.ca/*" ] }, "web_accessible_resources": [ { "matches": [ "*://*/*" ], "resources": [ "assets/js/*.js", "assets/css/*.css", "fonts/*/*.ttf" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.