[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

SConnect

Version 2.16.0.0 View in Chrome Web Store

Last scanned: about 2 hours ago

Extension Details

Developer: http://www.sconnect.com/

Rating: 2.8 ★ (186 ratings)

Users: 1,000,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has a substantial user base of 1 million users, which suggests some level of adoption. However, the low rating of 2.8 out of 5 with 186 reviews is concerning and indicates significant user dissatisfaction. The developer website (sconnect.com) provides some legitimacy, but the lack of detailed developer information and missing last updated date raises transparency concerns.

Concerns:

The extension requests extremely broad permissions that appear excessive for most legitimate use cases. The combination of tabs permission, scripting capabilities, and all_urls host permissions creates a powerful surveillance toolkit. The nativeMessaging permission allows communication with local applications, potentially bypassing browser security boundaries. Content scripts running on all HTTP, HTTPS, and file URLs means this extension can monitor and modify every webpage you visit. The poor user rating suggests the extension may not be functioning as expected or may be exhibiting unwanted behavior.

Recommendations:

Given the high risk level, consider running this extension in a separate Chrome profile isolated from your main browsing activities. Before installation, research the specific functionality this extension provides and verify whether such broad permissions are truly necessary. Monitor your browsing behavior closely after installation and remove immediately if you notice any suspicious activity. Consider alternative extensions with more limited permissions that accomplish the same task. Review the developer's privacy policy thoroughly before use.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

Raw Manifest

{
  "name": "SConnect",
  "icons": {
    "48": "img/icon48.png",
    "128": "img/icon128.png"
  },
  "action": {
    "default_icon": {
      "19": "img/icon19-bw.png",
      "38": "img/icon38-bw.png"
    },
    "default_popup": "actionpage.html",
    "default_title": "__MSG_inactive__"
  },
  "author": "Gemalto",
  "version": "2.16.0.0",
  "background": {
    "service_worker": "js/eventpage.js"
  },
  "short_name": "SConnect",
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "SEcure Addons Manager for Chrome",
  "permissions": [
    "tabs",
    "nativeMessaging",
    "scripting"
  ],
  "options_page": "optionspage.html",
  "default_locale": "en",
  "content_scripts": [
    {
      "js": [
        "js/contentscript.js"
      ],
      "run_at": "document_end",
      "matches": [
        "http://*/*",
        "https://*/*",
        "file://*/*"
      ],
      "all_frames": true
    }
  ],
  "host_permissions": [
    "<all_urls>"
  ],
  "manifest_version": 3
}

by ✦ Astarte

https://addons.opera.com	https://www.sconnect.com/faqs/index.html#settings
https://clients2.google.com/service/update2/crx	http://www.gemalto.com

SConnect

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (4 total):

Raw Manifest

Detections

Manifest Findings