[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Page Monitor

Version 4.0.2 View in Chrome Web Store

Last scanned: about 8 hours ago

Extension Details

Developer: WEBMONITORING TECHNOLOGIES INC.

Rating: 3.5 ★ (531 ratings)

Users: 50,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has a moderate user base of 50,000 users and comes from an established company (WEBMONITORING TECHNOLOGIES INC.) that appears to specialize in monitoring services. However, the 3.5-star rating from 531 reviews suggests mixed user experiences, which could indicate functionality or reliability issues.

Concerns:

The extension presents several significant security risks. The combination of broad host permissions (*://*/*) with tabs permission creates extensive access to all websites and browsing activity. The 'unsafe-eval' Content Security Policy is particularly concerning as it allows dynamic JavaScript execution, creating potential attack vectors for malicious code injection. The unlimited storage permission, while potentially necessary for monitoring data, could be misused for excessive data collection. Using the older Manifest V2 framework means fewer built-in security protections compared to modern extensions.

Recommendations:

Given the high-risk profile, consider running this extension in a separate Chrome profile to isolate potential security impacts from your main browsing environment. Before installation, verify that the monitoring functionality truly requires such broad permissions. Look for alternative page monitoring extensions that use Manifest V3 and have more restrictive permissions. If you must use this extension, regularly review what data it's storing and consider the sensitivity of pages you're monitoring. Monitor your system for unusual activity after installation.

Findings

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

HIGH

Unsafe JavaScript Evaluation

This extension's Content Security Policy allows 'unsafe-eval', which permits dynamic JavaScript code execution using eval() and similar functions. This is a significant security risk as it could allow execution of malicious code.

MEDIUM

Medium-Risk Permission: notifications

This extension has the notifications permission. Can show notifications.

MEDIUM

Medium-Risk Permission: unlimitedStorage

This extension has the unlimitedStorage permission. Can store unlimited data locally.

MEDIUM

Older Manifest Version

This extension uses Manifest Version 2, which has fewer security restrictions than Manifest V3. Consider using extensions that have upgraded to V3.

Raw Manifest

{
  "name": "__MSG_name__",
  "icons": {
    "16": "img/icon_16.png",
    "32": "img/icon_32.png",
    "48": "img/icon_48.png",
    "128": "img/icon_128.png"
  },
  "version": "4.0.2",
  "background": {
    "page": "background.htm",
    "persistent": true
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "__MSG_description__",
  "permissions": [
    "tabs",
    "*://*/",
    "chrome://favicon/",
    "unlimitedStorage",
    "notifications"
  ],
  "options_page": "options.htm",
  "browser_action": {
    "default_icon": {
      "19": "img/browser_action_19.png",
      "38": "img/browser_action_38.png"
    },
    "default_popup": "popup.htm",
    "default_title": "__MSG_name__"
  },
  "default_locale": "en",
  "manifest_version": 2,
  "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'"
}

by ✦ Astarte

http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd	http://www.w3.org/1999/xhtml
https://clients2.google.com/service/update2/crx	https://chromewebstore.google.com/detail/visualping/pemhgklkefakciniebenbfclihhmmfcd
http://www.google.com/

Page Monitor

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Content Security Policy:

Embedded URLs (5 total):

Raw Manifest

Detections

Manifest Findings