The extension has a substantial user base of 7 million users, which suggests widespread enterprise adoption. However, the rating of 4.0 with only 26 reviews is concerning given the large user count, indicating limited user engagement or feedback. Nexthink is a legitimate digital employee experience company that provides workplace analytics, which explains the extensive permissions required for monitoring and data collection purposes.
The extension requests extremely broad permissions that essentially grant complete browser access. The combination of webRequest interception, downloads access, identity permissions, and universal host permissions creates a powerful surveillance capability. The nativeMessaging permission allows communication with local applications, potentially expanding the attack surface beyond the browser. The scripting permission combined with <all_urls> access means this extension can execute code on any website you visit. For a workplace monitoring tool, these permissions may be necessary but represent significant privacy implications.
This appears to be an enterprise monitoring solution deployed by employers. If you're using a work computer, this extension is likely required by your organization's IT policy. For personal use, avoid installing this extension as it provides comprehensive tracking capabilities. If you must use it, consider running it in a dedicated Chrome profile separate from personal browsing. Be aware that this extension can monitor virtually all browser activity, including downloads, web navigation, and potentially sensitive information across all websites.
```json
{
  "name": "Nexthink",
  "icons": {
    "16": "assets/images/icon-active-16.png",
    "24": "assets/images/icon-active-24.png",
    "32": "assets/images/icon-active-32.png",
    "48": "assets/images/icon-active-48.png",
    "128": "assets/images/icon-128.png"
  },
  "action": {
    "default_icon": {
      "16": "assets/images/icon-inactive-16.png",
      "24": "assets/images/icon-inactive-24.png",
      "32": "assets/images/icon-inactive-32.png",
      "48": "assets/images/icon-inactive-48.png"
    },
    "default_popup": "/popup/inactive-popup.html",
    "default_title": "Nexthink"
  },
  "version": "26.1.4",
  "background": {
    "type": "module",
    "service_worker": "background.js"
  },
  "short_name": "Nexthink Browser Extension",
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Extends Nexthink Infinity to add experience optimization for SaaS and other web applications",
  "permissions": [
    "downloads",
    "idle",
    "nativeMessaging",
    "scripting",
    "storage",
    "tabs",
    "webNavigation",
    "webRequest",
    "contextMenus",
    "identity",
    "unlimitedStorage"
  ],
  "version_name": "26.1.4-release",
  "host_permissions": [
    "<all_urls>"
  ],
  "manifest_version": 3,
  "optional_permissions": [
    "downloads"
  ],
  "content_security_policy": {
    "extension_pages": "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; connect-src https://*.nexthink.cloud https://*.nexthink.com wss://*.nexthink.cloud wss://*.nexthink.com;"
  },
  "web_accessible_resources": [
    {
      "matches": [
        "<all_urls>"
      ],
      "resources": [
        "assets/*",
        "*.map",
        "content/assets/fonts/*"
      ],
      "extension_ids": []
    }
  ]
}
```