[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Volume Booster

Version 2.0.1 View in Chrome Web Store

Last scanned: about 21 hours ago

Extension Details

Developer: https://verblike.com/

Rating: 4.0 ★ (26 ratings)

Users: 9,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has a relatively small user base of 9,000 users with a decent 4.0-star rating from 26 reviews. However, the limited number of reviews relative to users suggests low engagement. The developer website (verblike.com) provides some legitimacy, but the extension's broad permissions raise significant concerns about its actual functionality versus stated purpose.

Concerns:

The extension's permissions are extremely excessive for a simple volume booster. The tabCapture permission allows recording of audio/video from tabs, while broad host permissions and content script injection capabilities mean it can access and modify content on every website you visit. This creates potential for data harvesting, credential theft, and privacy violations. The combination of these permissions essentially gives the extension complete access to your browsing activity and website interactions, which is unnecessary for volume enhancement functionality.

Recommendations:

Consider running this extension in a separate Chrome profile to isolate it from your main browsing activities and sensitive accounts. Before installation, verify that simpler volume control alternatives exist that don't require such extensive permissions. Monitor the extension's behavior closely and consider uninstalling if you notice unusual network activity or performance issues. Given the risk-to-benefit ratio, you may want to explore native browser volume controls or less invasive alternatives that don't require broad website access permissions.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Raw Manifest

{
  "name": "__MSG_app_name__",
  "icons": {
    "128": "assets/icons/icon1_5.png"
  },
  "action": {
    "default_icon": "assets/icons/icon1_1.png",
    "default_title": "__MSG_app_name__"
  },
  "author": "Vadagon",
  "version": "2.0.1",
  "background": {
    "type": "module",
    "service_worker": "background.bundle.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "__MSG_app_description__",
  "permissions": [
    "tabCapture",
    "activeTab",
    "storage",
    "offscreen"
  ],
  "default_locale": "en",
  "content_scripts": [
    {
      "js": [
        "contentScript.bundle.js"
      ],
      "css": [
        "content.styles.css"
      ],
      "matches": [
        "http://*/*",
        "https://*/*",
        "<all_urls>"
      ]
    }
  ],
  "host_permissions": [
    "http://*/*",
    "https://*/*",
    "<all_urls>"
  ],
  "manifest_version": 3,
  "web_accessible_resources": [
    {
      "matches": [],
      "resources": [
        "content.styles.css",
        "icon-128.png",
        "icon-34.png"
      ]
    }
  ]
}

by ✦ Astarte

Volume Booster

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (1 total):

Raw Manifest

Detections

Manifest Findings