Starting analysis...
Norton Family
Version 3.9.0.17 View in Chrome Web Store
Last scanned: about 2 months ago
| force re-scan
Extension Details
Rating:
2.5 ★
(273 ratings)
Size:
59.31KiB
Last Updated:
July 17, 2023
Users:
90,000
Developer Info:
Gen Digital60 E Rio Salado Pkwy
Tempe, AZ 85281-9124
US
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
MEDIUM
Risk Level
Trust Factors:
- The extension is developed by a reputable company, Gen Digital (formerly Symantec/Norton), which is a well-known cybersecurity firm.
- The extension has a relatively high number of users (90,000), suggesting a level of trust from the user community.
- The extension's purpose is to provide parental control features, which aligns with the broad permissions required.
Concerns:
- The extension requests broad permissions, including the ability to access all websites, inject scripts into any website, and track web navigation. While these permissions may be necessary for the extension's intended functionality, they also pose potential privacy and security risks if misused or compromised.
- The extension has a relatively low rating (2.5 out of 5), which could indicate user dissatisfaction or concerns about its performance or behavior.
Recommendations:
- While the extension is from a reputable company and serves a legitimate purpose, users should exercise caution due to the broad permissions requested.
- Consider running the extension in a separate browser profile or a sandboxed environment to isolate its activities from other browsing activities.
- Regularly review the extension's permissions and behavior, and disable or remove it if any suspicious activities are observed.
- Monitor the extension's updates and reviews for any potential security or privacy concerns raised by the user community.
- Explore alternative parental control solutions or configurations that may require fewer broad permissions or offer better privacy and security controls.
Security Analysis
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
CRITICAL
Overall Risk
Based on 4 total findings, ranked without considering overall context, including 4 high-risk and 0 medium-risk findings.
HIGH
Broad Content Script Injection
This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.
HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
HIGH
High-Risk Permission: tabs
This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: webNavigation
This extension has the webNavigation permission. Can track your web navigation. This could potentially be used maliciously to compromise security or privacy.
Security Analysis Details
Required Permissions:
- tabs
- webNavigation
- nativeMessaging
- declarativeNetRequest
- scripting
Host Permissions:
- <all_urls>
Embedded URLs (4 total):
| https://clients2.google.com/service/update2/crx | http://www.w3.org/2000/svg | |
| http://www.w3.org/1999/xlink | https://engtools.engba.symantec.com/Etrack/readonly_inc.php?sid=etrack&incident=2016651 |
Raw Manifest
{ "name": "__MSG_appName__", "icons": { "16": "Images/NF_16x16.png", "32": "Images/NF_32x32.png", "48": "Images/NF_48x48.png", "128": "Images/NF_128x128.png" }, "version": "3.9.0.17", "background": { "service_worker": "serviceworker.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_appDesc__", "permissions": [ "tabs", "webNavigation", "nativeMessaging", "declarativeNetRequest", "scripting" ], "default_locale": "en", "content_scripts": [ { "js": [ "NF_Script.js" ], "run_at": "document_start", "matches": [ "<all_urls>" ], "all_frames": true }, { "js": [ "docstart.js" ], "run_at": "document_start", "matches": [ "<all_urls>" ], "all_frames": true } ], "host_permissions": [ "<all_urls>" ], "manifest_version": 3, "minimum_chrome_version": "88.0", "declarative_net_request": { "rule_resources": [ { "id": "httpruleset", "path": "rules.json", "enabled": true } ] } }
Secure Annex (beta)
Coming soon...