[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Volume Booster

Version 2.0.1 View in Chrome Web Store

Last scanned: about 1 month ago | force re-scan

Extension Details

Developer: https://verblike.com/

Rating: 4.0 ★ (26 ratings)

Users: 10,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has a moderate user base of 10,000 users with a decent 4.0-star rating from 26 reviews, suggesting some level of user satisfaction. However, the relatively low number of reviews compared to the user count raises questions about user engagement. The developer website (verblike.com) provides some transparency, though limited information is available about the company's reputation or track record in extension development.

Concerns:

The extension's permissions are excessive for a simple volume booster functionality. The combination of broad host permissions covering all websites, content script injection capabilities across all sites, and tabCapture permission creates significant privacy and security risks. A legitimate volume booster should only need to interact with media elements on specific sites, not inject scripts into every website you visit. The ability to capture tab audio combined with universal website access could potentially enable unauthorized recording or data collection. The storage permission, while common, adds another layer of concern when combined with the broad access capabilities.

Recommendations:

Consider running this extension in a separate Chrome profile to isolate potential risks from your main browsing activities. Look for alternative volume booster extensions with more limited permissions that only request access to specific media-related APIs. If you must use this extension, regularly review what data it might be collecting and consider disabling it when not actively needed for volume boosting.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Raw Manifest

{
  "name": "__MSG_app_name__",
  "icons": {
    "128": "assets/icons/icon1_5.png"
  },
  "action": {
    "default_icon": "assets/icons/icon1_1.png",
    "default_title": "__MSG_app_name__"
  },
  "author": "Vadagon",
  "version": "2.0.1",
  "background": {
    "type": "module",
    "service_worker": "background.bundle.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "__MSG_app_description__",
  "permissions": [
    "tabCapture",
    "activeTab",
    "storage",
    "offscreen"
  ],
  "default_locale": "en",
  "content_scripts": [
    {
      "js": [
        "contentScript.bundle.js"
      ],
      "css": [
        "content.styles.css"
      ],
      "matches": [
        "http://*/*",
        "https://*/*",
        "<all_urls>"
      ]
    }
  ],
  "host_permissions": [
    "http://*/*",
    "https://*/*",
    "<all_urls>"
  ],
  "manifest_version": 3,
  "web_accessible_resources": [
    {
      "matches": [],
      "resources": [
        "content.styles.css",
        "icon-128.png",
        "icon-34.png"
      ]
    }
  ]
}

by ✦ Astarte

Volume Booster

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (1 total):

Raw Manifest

Detections

Manifest Findings