[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Daisycon chrome extension

Version 2.1.0 View in Chrome Web Store

Last scanned: about 6 hours ago

Extension Details

Developer: Daisycon

Rating: 5.0 ★ (3 ratings)

Users: 1,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension is developed by Daisycon, which appears to be a legitimate affiliate marketing company. However, the trust indicators are concerning with only 1,000 users and just 3 ratings, suggesting limited adoption and verification. The perfect 5.0 rating from such a small sample size provides minimal confidence in the extension's reliability.

Concerns:

The extension requests highly sensitive permissions that seem excessive for a typical affiliate marketing tool. The identity permission is particularly concerning as it can access personal authentication data. The tabs permission allows monitoring and manipulation of all browser tabs, creating significant privacy risks. The broad host permissions, while limited to Daisycon domains, still represent elevated access. The combination of identity, tabs, and storage permissions creates a powerful surveillance capability that could be misused to track user behavior across websites or access sensitive account information.

Recommendations:

Given the high-risk profile, install this extension only in a separate Chrome profile dedicated to affiliate marketing activities. Regularly review what data the extension accesses through Chrome's privacy settings. Consider whether the functionality truly requires such extensive permissions - contact Daisycon to understand why identity and tabs permissions are necessary. Monitor your accounts for any unusual activity after installation. If possible, use alternative affiliate tracking methods that don't require browser extensions with such broad access.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: identity

This extension has the identity permission. Can access your identity information. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: notifications

This extension has the notifications permission. Can show notifications.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Security Analysis Details

Required Permissions:

notifications
storage
tabs
identity

Host Permissions:

https://services.daisycon.com/*
https://login.daisycon.com/*

Embedded URLs (95 total):

https://tools.ietf.org/html/rfc7231#section-6.3.3	https://tools.ietf.org/html/rfc7231#section-6.6.3
https://tools.ietf.org/html/rfc7231#section-6.5.1	https://tools.ietf.org/html/rfc7231#section-6.5.8
https://tools.ietf.org/html/rfc7231#section-6.2.1	https://tools.ietf.org/html/rfc7231#section-6.3.2
https://tools.ietf.org/html/rfc7231#section-6.5.14	https://tools.ietf.org/html/rfc2518#section-10.5
https://tools.ietf.org/html/rfc7231#section-6.5.3	https://tools.ietf.org/html/rfc7231#section-6.6.5
https://tools.ietf.org/html/rfc7231#section-6.5.9	https://tools.ietf.org/html/rfc7231#section-6.6.6
https://tools.ietf.org/html/rfc2324#section-2.3.2	https://tools.ietf.org/html/rfc2518#section-10.6
https://tools.ietf.org/html/rfc7231#section-6.6.1	https://tools.ietf.org/html/rfc7231#section-6.5.10
https://tools.ietf.org/html/rfc2518#section-10.4	https://tools.ietf.org/rfcdiff?difftype=--hwdiff&url2=draft-ietf-webdav-protocol-06.txt
https://tools.ietf.org/html/rfc7231#section-6.5.5	https://tools.ietf.org/html/rfc7231#section-6.4.2
https://tools.ietf.org/html/rfc7231#section-6.4.3	https://tools.ietf.org/html/rfc2518#section-10.2
https://tools.ietf.org/html/rfc7231#section-6.4.1	https://tools.ietf.org/html/rfc6585#section-6
https://tools.ietf.org/html/rfc7231#section-6.3.5	https://tools.ietf.org/html/rfc7231#section-6.3.4
https://tools.ietf.org/html/rfc7231#section-6.5.6	https://tools.ietf.org/html/rfc7231#section-6.5.4
https://tools.ietf.org/html/rfc7231#section-6.6.2	https://tools.ietf.org/html/rfc7232#section-4.1
https://tools.ietf.org/html/rfc7231#section-6.3.1	https://tools.ietf.org/html/rfc7233#section-4.1
https://tools.ietf.org/html/rfc7231#section-6.5.2	https://tools.ietf.org/html/rfc7538#section-3
https://tools.ietf.org/html/rfc7232#section-4.2	https://tools.ietf.org/html/rfc6585#section-3
https://tools.ietf.org/html/rfc2518#section-10.1	https://tools.ietf.org/html/rfc7235#section-3.2
https://tools.ietf.org/html/rfc6585#section-5	https://tools.ietf.org/html/rfc7231#section-6.5.7
https://tools.ietf.org/html/rfc7231#section-6.5.11	https://tools.ietf.org/html/rfc7231#section-6.5.12
https://tools.ietf.org/html/rfc7233#section-4.4	https://tools.ietf.org/html/rfc7231#section-6.3.6
https://tools.ietf.org/html/rfc7231#section-6.4.4	https://tools.ietf.org/html/rfc7231#section-6.6.4
https://tools.ietf.org/html/rfc7231#section-6.2.2	https://tools.ietf.org/html/rfc7231#section-6.4.7
https://tools.ietf.org/html/rfc6585#section-4	https://tools.ietf.org/html/rfc7235#section-3.1
https://tools.ietf.org/html/rfc7725	https://tools.ietf.org/html/rfc2518#section-10.3
https://tools.ietf.org/html/rfc7231#section-6.5.13	https://tools.ietf.org/html/rfc7231#section-6.4.6
http://en.wikipedia.org/wiki/Domain_name	http://en.wikipedia.org/wiki/Hostname
https://mathiasbynens.be/notes/javascript-encoding	https://tools.ietf.org/html/rfc3492#section-3.4
https://rollbar.com/item/uuid/?uuid=	https://rollbar.com/occurrence/uuid/?uuid=
https://services.daisycon.com	https://login.daisycon.com/oauth/access-token
https://login.daisycon.com/oauth/authorize?client_id=	https://www.www.
https://clients2.google.com/service/update2/crx	https://services.daisycon.com/
https://login.daisycon.com/	http://www.apache.org/licenses/
http://www.apache.org/licenses/LICENSE-2.0	https://angular.io/license
http://www.w3.org/2000/svg	https://fontawesome.com
https://fontawesome.com/license/free	https://loading.io/
https://g.co/ng/security#xss	http://www.w3.org/1999/xhtml
http://www.w3.org/1999/xlink	http://www.w3.org/XML/1998/namespace
http://www.w3.org/2000/xmlns/	http://www.w3.org/1998/MathML/

Page 1 of 2

Raw Manifest

{
  "name": "Daisycon chrome extension",
  "icons": {
    "128": "popup/assets/d.png"
  },
  "action": {
    "default_icon": "popup/favicon.ico",
    "default_popup": "popup/index.html"
  },
  "version": "2.1.0",
  "background": {
    "service_worker": "background/background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Create deeplinks directly from the page you are visiting.",
  "permissions": [
    "notifications",
    "storage",
    "tabs",
    "identity"
  ],
  "host_permissions": [
    "https://services.daisycon.com/*",
    "https://login.daisycon.com/*"
  ],
  "manifest_version": 3
}

by ✦ Astarte

Daisycon chrome extension

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (95 total):

Raw Manifest

Detections

Manifest Findings