[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

ZoomSelling - аналитика по Uzum Market

Version 1.8.15 View in Chrome Web Store

Last scanned: about 5 hours ago

Extension Details

Developer: zoomselling.io

Rating: 5.0 ★ (7 ratings)

Users: 4,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has a perfect 5.0 rating but with only 7 reviews, which is insufficient to establish credibility. With 4,000 users, it has moderate adoption but lacks transparency regarding the developer's identity and company information. The extension targets Uzum Market analytics, which is a legitimate business use case for e-commerce sellers.

Concerns:

The extension requests excessive permissions that far exceed what's necessary for Uzum Market analytics. The webRequest permission allows intercepting and modifying all web traffic, while the broad host permissions (<all_urls>) grant access to every website you visit, not just Uzum-related domains. The tabs permission enables monitoring of all browser tabs, and tabCapture can record screen content. These capabilities combined create significant privacy and security risks, as the extension could potentially steal login credentials, financial information, or track browsing behavior across all websites.

Recommendations:

Given the high-risk permissions that seem disproportionate to the stated functionality, consider running this extension in a separate Chrome profile dedicated only to Uzum Market activities. Alternatively, look for alternative analytics tools with more limited permissions. If you must use this extension, regularly audit what data it might be collecting and consider using it only when actively working on Uzum Market tasks, disabling it otherwise.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: webRequest

This extension has the webRequest permission. Can intercept and modify web requests. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Medium-Risk Permission: contextMenus

This extension has the contextMenus permission. Can add items to the context menu.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Security Analysis Details

Required Permissions:

storage
tabs
webRequest
contextMenus
activeTab
scripting
tabCapture

Host Permissions:

<all_urls>

Embedded URLs (51 total):

https://uzum.uz/	https://dev.zoomselling.io/plugin/api/extension/similar_images?imageUrl=
https://dev.zoomselling.io/plugin/api/extension/similar_images	http://www.w3.org/2000/svg
https://dev.zoomselling.io/plugin/api/extension/translations	https://seller.uzum.uz/
https://uzum.uz	https://seller.uzum.uz
https://api.uzum.uz/api/analytics/events	http://jqueryui.com
http://jqueryui.com/themeroller/?ffDefault=Arial%2CHelvetica%2Csans-serif&fsDefault=1em&fwDefault=normal&cornerRadius=3px&bgColorHeader=e9e9e9&bgTextureHeader=flat&borderColorHeader=dddddd&fcHeader=333333&iconColorHeader=444444&bgColorContent=ffffff&bgTextureContent=flat&borderColorContent=dddddd&fcContent=333333&iconColorContent=444444&bgColorDefault=f6f6f6&bgTextureDefault=flat&borderColorDefault=c5c5c5&fcDefault=454545&iconColorDefault=777777&bgColorHover=ededed&bgTextureHover=flat&borderColorHover=cccccc&fcHover=2b2b2b&iconColorHover=555555&bgColorActive=007fff&bgTextureActive=flat&borderColorActive=003eff&fcActive=ffffff&iconColorActive=ffffff&bgColorHighlight=fffa90&bgTextureHighlight=flat&borderColorHighlight=dad55e&fcHighlight=777620&iconColorHighlight=777620&bgColorError=fddfdf&bgTextureError=flat&borderColorError=f1a899&fcError=5f3f3f&iconColorError=cc0000&bgColorOverlay=aaaaaa&bgTextureOverlay=flat&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=666666&bgTextureShadow=flat&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=5px&offsetTopShadow=0px&offsetLeftShadow=0px&cornerRadiusShadow=8px	http://schemas.microsoft.com/winfx/2006/xaml
http://schemas.microsoft.com/winfx/2006/xaml/presentation	http://www.w3.org/1999/xlink
https://zoomselling.io	https://clients2.google.com/service/update2/crx
https://t.me/Zoomselling1	https://zoomselling.io/browser-app?marketplace=Uzum
https://zoomselling.io/	https://t.me/zoomselling1
https://lookerstudio.google.com/reporting/245a870c-f547-473b-9da0-2e522f42fe54/page/p_ilntj5tdcd	https://www.youtube.com/@ZoomSelling
https://dev.zoomselling.io/plugin/api/extension/user	https://github.com/yuvarajucet/own-chrome-extension.git
https://raw.githubusercontent.com/yuvarajucet/own-extension-chrome/master/img/1.png	https://raw.githubusercontent.com/yuvarajucet/own-extension-chrome/master/img/2.png
https://raw.githubusercontent.com/yuvarajucet/own-extension-chrome/master/img/3.png	https://raw.githubusercontent.com/yuvarajucet/own-extension-chrome/master/img/4.png
https://raw.githubusercontent.com/yuvarajucet/own-extension-chrome/master/img/5.png	https://raw.githubusercontent.com/yuvarajucet/own-extension-chrome/master/img/6.png
https://api-seller.uzum.uz/api/seller/marketing/auction/filter/sellers	https://api-seller.uzum.uz/api/seller/advertising/management/ad-campaign?
https://dev.zoomselling.io/plugin/api/1.8/extension/sellerAccount/adCampaign/report/create?adCampaignId=	https://dev.zoomselling.io/plugin/api/1.8/extension/sellerAccount/adCampaign/report/checkStatus?reportId=
https://dev.zoomselling.io/plugin/api/1.8/extension/sellerAccount/adCampaign/report/download?reportId=	https://dev.zoomselling.io/plugin/api/1.8/extension/sellerAccount/adCampaign/status
https://api-seller.uzum.uz/api/seller/marketing/auction/v2/products?	https://dev.zoomselling.io/plugin/api/1.8/extension/sellerAccount/adCampaignKeys/start?language=
https://dev.zoomselling.io/plugin/api/1.8/extension/sellerAccount/adCampaign/report?adCampaignId=	https://dev.zoomselling.io/plugin/api/1.8/extension/sellerAccount/adCampaign/positions
https://dev.zoomselling.io/plugin/api/1.8/extension/sellerAccount/adCampaign	https://dev.zoomselling.io/plugin/api/extension/category
https://dev.zoomselling.io/plugin/api/extension/categoryProducts	https://www.jsdelivr.com/using-sri-with-dynamic-files
https://www.chartjs.org	https://github.com/kurkle/color#readme
https://dev.zoomselling.io/plugin/api/extension/settings	https://dev.zoomselling.io/plugin/api/extension/product/
https://dev.zoomselling.io/plugin/api/extension/store	https://uzum.uz/ru/product/
https://uzum.uz/ru/category/

Raw Manifest

{
  "name": "ZoomSelling - аналитика по Uzum Market",
  "icons": {
    "16": "images/logo_16.png",
    "32": "images/logo_32.png",
    "48": "images/logo_48.png",
    "128": "images/logo_128.png"
  },
  "action": {
    "default_icon": "images/logo.png",
    "default_popup": "popup/popup.html",
    "default_title": "ZoomSelling"
  },
  "version": "1.8.15",
  "background": {
    "service_worker": "background/service-worker.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Аналитика ниш и товаров || SEO-ключи + Буст-в-ТОП || 'Потеряшки' || Поддержка и вопросы: https://t.me/Zoomselling1",
  "permissions": [
    "storage",
    "tabs",
    "webRequest",
    "contextMenus",
    "activeTab",
    "scripting",
    "tabCapture"
  ],
  "default_locale": "ru",
  "content_scripts": [
    {
      "js": [
        "scripts/jquery-3.7.1.min.js",
        "scripts/jquery-ui.min.js",
        "scripts/chart.js",
        "scripts/content-3.0.0.js",
        "scripts/category-3.0.0.js",
        "scripts/product-3.0.0.js",
        "scripts/category-products-3.0.0.js",
        "scripts/store-3.0.0.js",
        "scripts/js.cookie-3.0.5.min.js"
      ],
      "css": [
        "css/jquery-ui.css",
        "css/main.css",
        "css/category.css",
        "css/category-products.css",
        "css/store.css"
      ],
      "matches": [
        "https://uzum.uz/*"
      ]
    },
    {
      "js": [
        "scripts/seller-account-content.js",
        "scripts/ad-campaign.js",
        "scripts/ad-campaign-keys.js",
        "scripts/ad-campaign-audit.js"
      ],
      "css": [
        "css/seller-account.css",
        "css/ad-campaigns.css"
      ],
      "matches": [
        "https://seller.uzum.uz/*"
      ]
    },
    {
      "js": [
        "scripts/ad-campaign-keys.js",
        "scripts/ad-campaign-audit.js"
      ],
      "css": [
        "css/ad-campaigns.css"
      ],
      "world": "MAIN",
      "matches": [
        "https://seller.uzum.uz/*"
      ]
    }
  ],
  "host_permissions": [
    "<all_urls>"
  ],
  "manifest_version": 3,
  "web_accessible_resources": [
    {
      "matches": [
        "https://seller.uzum.uz/*"
      ],
      "resources": [
        "css/seller-account.css",
        "css/ad-campaigns.css",
        "images/zoomselling-logo-ai.svg"
      ],
      "use_dynamic_url": true
    },
    {
      "matches": [
        "<all_urls>"
      ],
      "resources": [
        "locales/*.json"
      ]
    }
  ]
}

by ✦ Astarte

ZoomSelling - аналитика по Uzum Market

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (51 total):

Raw Manifest

Detections

Manifest Findings