Version 3.4.0.2
The extension appears to be related to CFCA (China Financial Certification Authority) and railway systems in Guangzhou, suggesting a legitimate business purpose for cryptographic operations. However, several concerning factors significantly impact trustworthiness: no visible download count, no user ratings or reviews, missing author and developer information, and no recent update timestamp. These missing details make it impossible to verify the extension's legitimacy or assess its community acceptance.
The combination of the nativeMessaging permission with broad host permissions creates significant security risks. The extension can communicate with native applications on your computer while accessing multiple domains, including the loopback address (127.0.0.1). This configuration could potentially allow data exfiltration from your local system or enable the extension to act as a bridge between web content and local applications. The host permissions extend beyond railway-related domains to include perfectsign.com.cn and localhost access, which seems excessive for a railway-specific cryptographic tool.
Given the high-risk permission combination and lack of transparency about the developer, install this extension only in a separate Chrome profile if absolutely necessary for railway-related business operations. Verify the extension's authenticity through official CFCA or railway company channels before installation. Monitor system activity when the extension is active and consider using network monitoring tools to observe any unexpected data transmission.
| https://clients2.google.com/service/update2/crx |
| http://127.0.0.1/ |
| https://127.0.0.1/ |
```json
{
  "name": "CFCA CryptoKit.GZRailway Extension",
  "icons": {
    "16": "icon-16.png",
    "48": "icon-48.png",
    "128": "icon-128.png"
  },
  "action": {
    "default_icon": {
      "16": "icon-16.png",
      "48": "icon-48.png",
      "128": "icon-128.png"
    }
  },
  "author": "CFCA",
  "version": "3.4.0.2",
  "background": {
    "service_worker": "eventPage.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Sign transaction data with a smart card",
  "permissions": [
    "nativeMessaging"
  ],
  "host_permissions": [
    "http://*.gzrailway.com.cn/*",
    "https://*.gzrailway.com.cn/*",
    "http://*.guangzh.cr/*",
    "https://*.guangzh.cr/*",
    "http://*.perfectsign.com.cn/*",
    "https://*.perfectsign.com.cn/*",
    "http://127.0.0.1/*",
    "https://127.0.0.1/*"
  ],
  "manifest_version": 3,
  "externally_connectable": {
    "matches": [
      "http://*.gzrailway.com.cn/*",
      "https://*.gzrailway.com.cn/*",
      "http://*.guangzh.cr/*",
      "https://*.guangzh.cr/*",
      "http://*.perfectsign.com.cn/*",
      "https://*.perfectsign.com.cn/*",
      "http://127.0.0.1/*",
      "https://127.0.0.1/*"
    ]
  },
  "minimum_chrome_version": "88"
}
```