[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

CFCA CertEnrollment.ChiYuBank Extension

Version 3.2.0.1 View in Chrome Web Store

Last scanned: about 2 hours ago

Extension Details

Rating: 0.0 ★

Users: 10

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has extremely limited trust indicators with only 10 users, no rating data, and missing critical metadata like author information and last update date. The name suggests it's related to CFCA (China Financial Certification Authority) and ChiYu Bank certificate enrollment, which could be legitimate banking infrastructure, but the lack of transparency raises concerns.

Concerns:

- Minimal user base (10 users) with no established reputation or reviews

- Missing developer information and update history creates accountability gaps

- Native messaging permission allows direct communication with local system applications, creating potential attack vectors

- Host permissions are limited to specific banking domains (cybchina.com.cn and test.xib.com.cn) but still provide broad access within those domains

- The combination of native messaging with web access could enable sophisticated attacks if compromised

- Banking-related extensions handling certificates pose inherent security risks due to the sensitive nature of financial authentication

Recommendations:

Given the high-risk nature of banking certificate management combined with limited trust indicators, consider running this extension in a separate Chrome profile dedicated solely to banking activities. Verify the extension's legitimacy directly with ChiYu Bank before installation. Monitor for any unusual system behavior or network activity. Consider using the bank's official website directly rather than relying on browser extensions for certificate enrollment if possible.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

Raw Manifest

{
  "name": "CFCA CertEnrollment.ChiYuBank Extension",
  "icons": {
    "16": "icon-16.png",
    "48": "icon-48.png",
    "128": "icon-128.png"
  },
  "action": {
    "default_icon": {
      "16": "icon-16.png",
      "48": "icon-48.png",
      "128": "icon-128.png"
    }
  },
  "author": "CFCA",
  "version": "3.2.0.1",
  "background": {
    "service_worker": "eventPage.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "CFCA Security Application Development Kit",
  "permissions": [
    "nativeMessaging"
  ],
  "host_permissions": [
    "https://*.cybchina.com.cn/*",
    "http://*.cybchina.com.cn/*",
    "https://*.test.xib.com.cn/*",
    "http://*.test.xib.com.cn/*"
  ],
  "manifest_version": 3,
  "externally_connectable": {
    "matches": [
      "https://*.cybchina.com.cn/*",
      "http://*.cybchina.com.cn/*",
      "https://*.test.xib.com.cn/*",
      "http://*.test.xib.com.cn/*"
    ]
  },
  "minimum_chrome_version": "88"
}

by ✦ Astarte

CFCA CertEnrollment.ChiYuBank Extension

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (1 total):

Raw Manifest

Detections

Manifest Findings