Extension Details
Rating:
5.0 ★
(1 rating)
Users:
175
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
HIGH
Overall Risk
Trust Factors: This extension has significant trust concerns. With only 175 users and a single 5-star rating, there's insufficient user validation. The lack of author information and developer details raises red flags about accountability and transparency. The extension's purpose of intercepting XHR requests is inherently sensitive, as it involves monitoring network communications.
Concerns:
- Overly broad host permissions (*://*/*) allow access to all websites, which is excessive for most legitimate use cases
- The declarativeNetRequest permission combined with universal host access creates potential for comprehensive web traffic monitoring
- Extremely low user base suggests limited community vetting
- Missing developer information makes it difficult to assess credibility
- XHR interception capabilities could be misused for data harvesting or credential theft
- Single rating provides no meaningful feedback about extension behavior
Recommendations: Given the high-risk nature of this extension, consider running it in a completely separate Chrome profile if you must use it. This isolates it from your main browsing data and other extensions. Verify the extension's actual functionality matches your needs before installation. Consider alternative extensions with better transparency, larger user bases, and more restrictive permissions. If this is for development purposes, look for well-established developer tools with proven track records and active community support.
Findings
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
Security Analysis Details
Required Permissions:
- declarativeNetRequest
Host Permissions:
- *://*/*
Embedded URLs (57 total):
| https://clients2.google.com/service/update2/crx | https://www.robotstxt.org/robotstxt.html | |
| https://getbootstrap.com/ | https://github.com/twbs/bootstrap/blob/main/LICENSE | |
| http://www.w3.org/2000/svg | https://github.com/sass/sass/issues/2383#issuecomment-336349172 | |
| https://github.com/necolas/normalize.css | https://github.com/twbs/bootstrap/issues/19402 | |
| https://github.com/twbs/bootstrap/issues/24093 | https://github.com/twbs/bootstrap/pull/30562 | |
| https://github.com/twbs/bootstrap/issues/24990 | https://stackoverflow.com/a/54997118 | |
| https://github.com/twbs/bootstrap/issues/12359 | https://html.spec.whatwg.org/multipage/#the-fieldset-and-legend-elements | |
| https://github.com/twbs/bootstrap/issues/29712 | https://github.com/twbs/bootstrap/issues/18842 | |
| https://github.com/twbs/bootstrap/issues/11586. | https://rtlstyling.com/posts/rtl-styling#form-inputs | |
| https://rtlcss.com/learn/usage-guide/control-directives/#raw | https://github.com/twbs/rfs/blob/main/LICENSE | |
| https://github.com/twbs/rfs/issues/14 | https://www.w3.org/TR/WCAG20/#visual-audio-contrast-contrast | |
| https://github.com/twbs/bootstrap/issues/18178 | https://www.w3.org/TR/mediaqueries-4/#mq-min-max | |
| https://bugs.webkit.org/show_bug.cgi?id=178261 | https://github.com/react-bootstrap/react-bootstrap/issues/6039 | |
| https://github.com/philipwalton/flexbugs#flexbug-4 | https://github.com/twbs/bootstrap/issues/23307 | |
| https://bugs.webkit.org/show_bug.cgi?id=198959 | https://github.com/twbs/bootstrap/pull/11526. | |
| https://github.com/twbs/bootstrap/issues/11655. | https://github.com/twbs/bootstrap/pull/29124 | |
| https://primer.github.io/. | https://github.com/twbs/bootstrap/issues/32636 | |
| https://github.com/twbs/bootstrap/issues/28247 | https://stackoverflow.com/questions/36247140/why-dont-flex-items-shrink-past-content-size | |
| https://github.com/sass/sass/issues/1873#issuecomment-152293725 | https://github.com/twbs/bootstrap/pull/27703 | |
| https://github.com/twbs/bootstrap/pull/22740#issuecomment-305868106 | https://developer.mozilla.org/en-US/docs/Web/Events/click#Safari_Mobile | |
| https://github.com/twbs/bootstrap/pull/10951. | https://bugs.webkit.org/show_bug.cgi?id=158342 | |
| https://github.com/twbs/bootstrap/issues/17695 | https://github.com/twbs/bootstrap/issues/24800 | |
| https://www.a11yproject.com/posts/2013-01-11-how-to-hide-content/ | https://kittygiraudel.com/2016/10/13/css-hide-and-seek/ | |
| https://github.com/twbs/bootstrap/issues/25686 | https://www.w3.org/TR/2013/NOTE-WCAG20-TECHS-20130905/G1 | |
| https://reactjs.org/docs/error-decoder.html?invariant= | http://www.w3.org/1999/xlink | |
| http://www.w3.org/XML/1998/namespace | http://www.w3.org/1999/xhtml | |
| http://www.w3.org/1998/Math/MathML | https://reactjs.org/link/react-polyfills | |
| https://bugs.chromium.org/p/v8/issues/detail?id=4118 | https://bugs.chromium.org/p/v8/issues/detail?id=3056 | |
| https://bit.ly/CRA-vitals |
Raw Manifest
{ "name": "XHR Request Interceptor", "icons": { "16": "icon.png", "48": "icon.png", "128": "icon.png" }, "action": { "default_popup": "index.html", "default_title": "Edit rules" }, "version": "1.0.0", "background": { "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Redirect XHR requests and change their headers", "permissions": [ "declarativeNetRequest" ], "host_permissions": [ "*://*/*" ], "manifest_version": 3 }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
Loading Secure Annex data...
Unable to load Secure Annex data.
This extension may not yet be analyzed by Secure Annex.
Detections
0Critical
0
High
0
Medium
0
Low
0
Has Verdicts
Yes
Manifest Findings
0Critical
0
High
0
Medium
0
Low
0
Secure Annex analyzed version: -