Extension Details
Context-Aware Verdict
The extension has very limited adoption with only 443 users and minimal reviews (4 ratings), which provides little community validation. The lack of developer information and company details raises transparency concerns. While the 4.0 rating suggests basic functionality, the small sample size makes this less meaningful. The extension appears to be related to BrickSeek, a legitimate inventory tracking service, but without clear developer attribution, this connection cannot be verified.
The extension requests extremely broad permissions that seem excessive for a BrickSeek-related tool. The <all_urls> permission combined with content script injection across all websites creates significant privacy and security risks. The tabs permission allows manipulation of browser tabs, which could be misused for malicious redirects or data theft. The use of outdated Manifest V2 indicates the extension hasn't been updated to meet modern security standards. The broad access permissions could enable credential harvesting, sensitive data collection, or unauthorized website modifications across all browsing activity.
Given the high-risk profile, run this extension in a completely separate Chrome profile isolated from your main browsing activities. Consider whether the BrickSeek functionality is essential enough to justify these security risks. Look for alternative extensions with more limited permissions or use BrickSeek's website directly. If you must use this extension, regularly audit your stored passwords and consider using it only when specifically needed for BrickSeek-related activities, then disabling it afterward.
Findings
Security Analysis Details
Required Permissions:
- contextMenus
- <all_urls>
- tabs
- storage
Embedded URLs (12 total):
| http://brickseek.com/target-inventory-checker | http://brickseek.com/walmart-inventory-checker | |
| http://brickseek.com/office-depot-inventory-checker | http://brickseek.com/lowes-inventory-checker | |
| http://brickseek.com/home-depot-inventory-checker | http://brickseek.com/staples-inventory-checker | |
| http://brickseek.com/cvs-inventory-checker | https://www.linkedin.com/messaging/ | |
| http://gpzweb.com/services/app_manager.php | https://clients2.google.com/service/update2/crx | |
| https://bugs.webkit.org/show_bug.cgi?id=51499 | http://crbug.com/112091 |
Raw Manifest
{ "name": "BrickSeek Addon", "icons": {}, "version": "1.8", "background": { "scripts": [ "/js/lib/jquery.js", "/js/core.js", "/js/bg.js" ] }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Automate brickseek actions", "permissions": [ "contextMenus", "<all_urls>", "tabs", "storage" ], "options_page": "options.html", "browser_action": {}, "content_scripts": [ { "js": [ "/js/lib/jquery.js", "/js/core.js" ], "run_at": "document_idle", "matches": [ "<all_urls>" ] } ], "manifest_version": 2 }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.