CRXaminer

[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Last scanned: about 5 hours ago

Extension Details

Context-Aware Verdict

CRITICAL

Overall Risk

Trust Factors: The extension lacks basic identifying information including name, description, author details, user count, and ratings, making it impossible to verify legitimacy or reputation. This anonymity is a major red flag for any browser extension, especially one requesting sensitive permissions.

Concerns:

- Missing critical metadata raises serious authenticity questions

- Targets highly sensitive Dutch government and financial websites including tax services (belastingdienst.nl), social security (uwv.nl), digital identity services (digid.nl), and pension platforms

- Cookies permission allows access to authentication tokens and session data on these sensitive sites

- WebRequest permission enables interception and modification of all network traffic to targeted domains

- The combination of permissions could facilitate credential theft, session hijacking, or man-in-the-middle attacks on government services

- Content scripts can inject code into pages handling personal financial and identity information

- Broad host permissions across multiple critical infrastructure domains

Recommendations:

Do not install this extension under any circumstances. The lack of identifying information combined with permissions targeting sensitive government and financial services suggests potential malicious intent. If you encounter this extension already installed, remove it immediately and change passwords for any affected government services. Consider running a security scan and monitoring your accounts for unauthorized access. Only install extensions from verified developers with clear purposes and appropriate permission requests.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: cookies

This extension has the cookies permission. Can access and modify browser cookies. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: webRequest

This extension has the webRequest permission. Can intercept and modify web requests. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Security Analysis Details

Required Permissions:

cookies
webRequest
storage

Host Permissions:

https://*.aqopi.com/*
https://iwize.nl/*
https://*.overheid.nl/*
https://*.mijnpensioenoverzicht.nl/*
https://*.uwv.nl/*
https://*.belastingdienst.nl/*
https://*.duo.nl/*
https://*.digid.nl/*

Content Security Policy:

extension_pages: script-src 'self'; object-src 'self'

Embedded URLs (9 total):

https://iwize.nl/generic/reset.html	https://stackoverflow.com/questions/67439012/chrome-extension-manifest-v3-content-security-policy
https://jrsinclair.com/articles/2019/how-to-run-async-js-in-parallel-or-sequential/	https://clients2.google.com/service/update2/crx
https://hdconnect.nl/	https://iwize.nl/
https://mijn.duo.nl/	https://developer.chrome.com/docs/extensions/mv3/migrating_to_service_workers/
https://blog.shahednasser.com/chrome-extension-tutorial-migrating-to-manifest-v3-from-v2/

Raw Manifest

{
  "name": "Accelerate Brondata",
  "icons": {
    "32": "resources/logo32X32.png",
    "48": "resources/logo48X48.png",
    "128": "resources/logo128X128.png"
  },
  "action": {
    "default_icon": "resources/logo32X32.png",
    "default_popup": "popup/popup.html",
    "default_title": "Accelerate"
  },
  "version": "3.6.0",
  "background": {
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "De extensie is nodig om voor jouw inventarisatie de benodigde gegevens op te halen bij verschillende overheidsinstanties.",
  "permissions": [
    "cookies",
    "webRequest",
    "storage"
  ],
  "homepage_url": "https://hdconnect.nl/",
  "content_scripts": [
    {
      "js": [
        "content/content.js",
        "content/actions.js",
        "content/helpers/utils.js",
        "content/crypto.js",
        "content/templateMatching.js",
        "content/fetchBlob.js",
        "content/downloadPdfByClick.js"
      ],
      "run_at": "document_start",
      "matches": [
        "https://*.aqopi.com/*",
        "https://iwize.nl/*",
        "https://*.overheid.nl/*",
        "https://*.mijnpensioenoverzicht.nl/*",
        "https://*.uwv.nl/*",
        "https://*.duo.nl/*",
        "https://*.belastingdienst.nl/*",
        "https://*.digid.nl/*"
      ]
    },
    {
      "js": [
        "content/interceptMoh.js"
      ],
      "run_at": "document_start",
      "matches": [
        "https://*.overheid.nl/*"
      ]
    },
    {
      "js": [
        "content/fetchJsonWithAuthHeader.js"
      ],
      "run_at": "document_start",
      "matches": [
        "https://mijn.duo.nl/*",
        "https://*.aqopi.com/*"
      ]
    }
  ],
  "host_permissions": [
    "https://*.aqopi.com/*",
    "https://iwize.nl/*",
    "https://*.overheid.nl/*",
    "https://*.mijnpensioenoverzicht.nl/*",
    "https://*.uwv.nl/*",
    "https://*.belastingdienst.nl/*",
    "https://*.duo.nl/*",
    "https://*.digid.nl/*"
  ],
  "manifest_version": 3,
  "externally_connectable": {
    "matches": [
      "https://*.iwize.nl/*"
    ]
  },
  "content_security_policy": {
    "extension_pages": "script-src 'self'; object-src 'self'"
  },
  "web_accessible_resources": [
    {
      "matches": [
        "<all_urls>"
      ],
      "resources": [
        "/resources/logo80X80.png",
        "/content/helpers/dljson.js",
        "/content/helpers/wrap.js"
      ]
    }
  ]
}

by ✦ Astarte

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Content Security Policy:

Embedded URLs (9 total):

Raw Manifest

Detections

Manifest Findings