Browsec VPN - Free VPN for Chrome
Version 3.92.12 View in Chrome Web Store
Last scanned: about 10 hours ago
Extension Details
Developer:
browsec.com
Rating:
4.4 ★
(37.2K ratings)
Users:
8,000,000
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
HIGH
Overall Risk
Trust Factors:
The extension has strong legitimacy indicators with 8 million users, a solid 4.4-star rating from 37,200 reviews, and is published by browsec.com, a known VPN service provider. The high user base and positive ratings suggest it's a legitimate service that has been widely adopted and generally well-received by users.
Concerns:
The extension's extensive permissions are concerning even for a VPN service. The proxy, webRequest, and broad host permissions create a powerful combination that allows complete control over your internet traffic. The Content Security Policy reveals connections to numerous suspicious domains with generic names like "datafrenzy.org," "quickcache.xyz," and "speedycdn.fun" - many using non-standard TLDs that could indicate ad networks or tracking services. The webRequestAuthProvider permission adds another layer of network control capability. While these permissions may be necessary for VPN functionality, they also create significant potential for misuse.
Recommendations:
Consider using this extension in a separate Chrome profile to isolate it from your primary browsing activities and sensitive accounts. Regularly review your network traffic and be cautious about using it for sensitive activities like banking. Consider whether a dedicated VPN application might be safer than a browser extension for your privacy needs. Monitor the extension's behavior and disable it when VPN functionality isn't needed.
Findings
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
HIGH
High-Risk Permission: proxy
This extension has the proxy permission. Can control proxy settings. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: webRequest
This extension has the webRequest permission. Can intercept and modify web requests. This could potentially be used maliciously to compromise security or privacy.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
Security Analysis Details
Required Permissions:
- proxy
- storage
- webRequest
- alarms
- background
- browsingData
- declarativeNetRequest
- scripting
- webRequestAuthProvider
Optional Permissions:
- management
- privacy
- tabs
Host Permissions:
- <all_urls>
Content Security Policy:
- extension_pages: default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*.google.com https://*.gstatic.com chrome:; font-src 'self'; object-src 'none'; connect-src 'self' https: http://detectportal.firefox.com http://*/api/test http://connectivitycheck.android.com http://example.com http://*.webstat.me http://*.webstat.me/* http://www.root-servers.org http://prmsrvs.com http://*.prmsrvs.com http://trafcfy.com http://*.trafcfy.com http://prmdom.com http://*.prmdom.com http://frmdom.com http://*.frmdom.com http://static-fn.com http://*.static-fn.com http://fn-cdn.com http://*.fn-cdn.com http://bd-assets.com http://*.bd-assets.com http://cdnflow.net http://*.cdnflow.net http://promptmesh.net http://*.promptmesh.net http://contentnode.net http://*.contentnode.net http://swiftcdn.org http://*.swiftcdn.org http://rapidwebserve.com http://*.rapidwebserve.com http://datafrenzy.org http://*.datafrenzy.org http://fastcache.xyz http://*.fastcache.xyz http://quickedgecdn.com http://*.quickedgecdn.com http://cacheflow.cloud http://*.cacheflow.cloud http://cacheflow.live http://*.cacheflow.live http://cacheflow.pro http://*.cacheflow.pro http://cachequick.info http://*.cachequick.info http://cachequick.live http://*.cachequick.live http://cachequick.pro http://*.cachequick.pro http://cachequick.xyz http://*.cachequick.xyz http://cdnaccelerate.site http://*.cdnaccelerate.site http://cdnaccelerate.space http://*.cdnaccelerate.space http://cdnaccelerate.xyz http://*.cdnaccelerate.xyz http://cdnexpress.art http://*.cdnexpress.art http://cdnexpress.live http://*.cdnexpress.live http://cdnnetwork.fun http://*.cdnnetwork.fun http://cdnnetwork.live http://*.cdnnetwork.live http://cdnnetwork.xyz http://*.cdnnetwork.xyz http://contentboost.click http://*.contentboost.click http://contentboost.website http://*.contentboost.website http://contentrush.fun http://*.contentrush.fun http://contentrush.space http://*.contentrush.space http://datadispatch.xyz http://*.datadispatch.xyz http://datadistribute.cloud http://*.datadistribute.cloud http://datadistribute.live http://*.datadistribute.live http://edgeaccelerator.space http://*.edgeaccelerator.space http://edgeaccelerator.website http://*.edgeaccelerator.website http://edgecache.fun http://*.edgecache.fun http://edgecache.live http://*.edgecache.live http://edgecache.online http://*.edgecache.online http://edgecache.xyz http://*.edgecache.xyz http://fastcontent.live http://*.fastcontent.live http://fastcontent.store http://*.fastcontent.store http://fastcontent.xyz http://*.fastcontent.xyz http://fastfetch.fun http://*.fastfetch.fun http://fastfetch.info http://*.fastfetch.info http://fastfetch.live http://*.fastfetch.live http://fastfetch.xyz http://*.fastfetch.xyz http://quickcache.click http://*.quickcache.click http://quickcache.space http://*.quickcache.space http://quickcache.website http://*.quickcache.website http://rapidcdn.click http://*.rapidcdn.click http://speedstream.click http://*.speedstream.click http://speedstream.info http://*.speedstream.info http://speedstream.live http://*.speedstream.live http://speedycdn.fun http://*.speedycdn.fun http://speedycdn.space http://*.speedycdn.space http://streamlined.delivery http://*.streamlined.delivery http://streamlineddata.space http://*.streamlineddata.space http://datadistribute.xyz http://*.datadistribute.xyz http://edgeaccelerator.xyz http://*.edgeaccelerator.xyz http://rapidcdn.xyz http://*.rapidcdn.xyz http://speedycdn.xyz http://*.speedycdn.xyz http://streamlineddata.pro http://*.streamlineddata.pro http://speedcdn.me http://*.speedcdn.me http://cdnflow.xyz http://*.cdnflow.xyz http://cdnboost.xyz http://*.cdnboost.xyz http://tiktokcdn.org http://*.tiktokcdn.org http://fastcdn.club http://*.fastcdn.club http://cdnboost.me http://*.cdnboost.me http://edgecdn.org http://*.edgecdn.org http://speedcdn.pro http://*.speedcdn.pro http://cdnboost.org http://*.cdnboost.org http://cdnbridge.org http://*.cdnbridge.org http://cdnrocket.org http://*.cdnrocket.org http://datafrenzy.org http://*.datafrenzy.org http://cdncloudhost.com http://*.cdncloudhost.com http://cdnflare.org http://*.cdnflare.org http://cdnaccelerate.com http://*.cdnaccelerate.com http://swiftcdn.org http://*.swiftcdn.org http://cdnexpress.org http://*.cdnexpress.org http://cdnstreamer.com http://*.cdnstreamer.com http://cdnflow.net http://*.cdnflow.net http://cdnzone.net http://*.cdnzone.net http://speedserve.org http://*.speedserve.org http://staticrush.com http://*.staticrush.com http://contentnode.net http://*.contentnode.net http://bd-assets.com http://*.bd-assets.com http://fastcache.xyz http://*.fastcache.xyz
Embedded URLs (151 total):
| https://browsec.com | https://gist.githubusercontent.com/brwinfo/0d4c6d2ebbe6fd716a43f0ac9d37ce22/raw | |
| https://gist.githubusercontent.com/brwinfo/ef7f684e524d01137b84313a60e1ed01/raw/ | https://d3i5gqankjg0sg.cloudfront.net/ | |
| https://a703.l461.r761.fastcloudcdn.net/api/ | https://ca901.l503.r843.fastcloudcdn.net/ | |
| https://clients2.google.com/service/update2/crx | https://browsec.com/ | |
| http://detectportal.firefox.com | http://connectivitycheck.android.com | |
| http://example.com | http://www.root-servers.org | |
| http://prmsrvs.com | http://trafcfy.com | |
| http://prmdom.com | http://frmdom.com | |
| http://static-fn.com | http://fn-cdn.com | |
| http://bd-assets.com | http://cdnflow.net | |
| http://promptmesh.net | http://contentnode.net | |
| http://swiftcdn.org | http://rapidwebserve.com | |
| http://datafrenzy.org | http://fastcache.xyz | |
| http://quickedgecdn.com | http://cacheflow.cloud | |
| http://cacheflow.live | http://cacheflow.pro | |
| http://cachequick.info | http://cachequick.live | |
| http://cachequick.pro | http://cachequick.xyz | |
| http://cdnaccelerate.site | http://cdnaccelerate.space | |
| http://cdnaccelerate.xyz | http://cdnexpress.art | |
| http://cdnexpress.live | http://cdnnetwork.fun | |
| http://cdnnetwork.live | http://cdnnetwork.xyz | |
| http://contentboost.click | http://contentboost.website | |
| http://contentrush.fun | http://contentrush.space | |
| http://datadispatch.xyz | http://datadistribute.cloud | |
| http://datadistribute.live | http://edgeaccelerator.space | |
| http://edgeaccelerator.website | http://edgecache.fun | |
| http://edgecache.live | http://edgecache.online | |
| http://edgecache.xyz | http://fastcontent.live | |
| http://fastcontent.store | http://fastcontent.xyz | |
| http://fastfetch.fun | http://fastfetch.info | |
| http://fastfetch.live | http://fastfetch.xyz | |
| http://quickcache.click | http://quickcache.space | |
| http://quickcache.website | http://rapidcdn.click | |
| http://speedstream.click | http://speedstream.info | |
| http://speedstream.live | http://speedycdn.fun | |
| http://speedycdn.space | http://streamlined.delivery | |
| http://streamlineddata.space | http://datadistribute.xyz | |
| http://edgeaccelerator.xyz | http://rapidcdn.xyz | |
| http://speedycdn.xyz | http://streamlineddata.pro | |
| http://speedcdn.me | http://cdnflow.xyz |
Page 1 of 2
Raw Manifest
{ "name": "__MSG_extension_name__", "icons": { "16": "images/icon16.png", "48": "images/icon48.png", "128": "images/icon128.png" }, "action": { "default_icon": { "16": "images/icons/16x16/disabled.png", "19": "images/icons/19x19/disabled.png", "24": "images/icons/24x24/disabled.png", "32": "images/icons/32x32/disabled.png", "38": "images/icons/38x38/disabled.png" }, "default_popup": "popup/popup.html", "default_title": "__MSG_browser_action_inactive_title__" }, "version": "3.92.12", "background": { "service_worker": "background.js" }, "short_name": "__MSG_esn__", "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_extension_description__", "permissions": [ "proxy", "storage", "webRequest", "alarms", "background", "browsingData", "declarativeNetRequest", "scripting", "webRequestAuthProvider" ], "homepage_url": "https://browsec.com/", "default_locale": "en", "content_scripts": [ { "js": [ "browsecSiteContentScript.js" ], "run_at": "document_start", "matches": [ "https://*/*" ] }, { "js": [ "timezoneChange.js" ], "run_at": "document_start", "matches": [ "http://*/*", "https://*/*" ] } ], "host_permissions": [ "<all_urls>" ], "manifest_version": 3, "optional_permissions": [ "management", "privacy", "tabs" ], "minimum_chrome_version": "108.0", "content_security_policy": { "extension_pages": "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*.google.com https://*.gstatic.com chrome:; font-src 'self'; object-src 'none'; connect-src 'self' https: http://detectportal.firefox.com http://*/api/test http://connectivitycheck.android.com http://example.com http://*.webstat.me http://*.webstat.me/* http://www.root-servers.org http://prmsrvs.com http://*.prmsrvs.com http://trafcfy.com http://*.trafcfy.com http://prmdom.com http://*.prmdom.com http://frmdom.com http://*.frmdom.com http://static-fn.com http://*.static-fn.com http://fn-cdn.com http://*.fn-cdn.com http://bd-assets.com http://*.bd-assets.com http://cdnflow.net http://*.cdnflow.net http://promptmesh.net http://*.promptmesh.net http://contentnode.net http://*.contentnode.net http://swiftcdn.org http://*.swiftcdn.org http://rapidwebserve.com http://*.rapidwebserve.com http://datafrenzy.org http://*.datafrenzy.org http://fastcache.xyz http://*.fastcache.xyz http://quickedgecdn.com http://*.quickedgecdn.com http://cacheflow.cloud http://*.cacheflow.cloud http://cacheflow.live http://*.cacheflow.live http://cacheflow.pro http://*.cacheflow.pro http://cachequick.info http://*.cachequick.info http://cachequick.live http://*.cachequick.live http://cachequick.pro http://*.cachequick.pro http://cachequick.xyz http://*.cachequick.xyz http://cdnaccelerate.site http://*.cdnaccelerate.site http://cdnaccelerate.space http://*.cdnaccelerate.space http://cdnaccelerate.xyz http://*.cdnaccelerate.xyz http://cdnexpress.art http://*.cdnexpress.art http://cdnexpress.live http://*.cdnexpress.live http://cdnnetwork.fun http://*.cdnnetwork.fun http://cdnnetwork.live http://*.cdnnetwork.live http://cdnnetwork.xyz http://*.cdnnetwork.xyz http://contentboost.click http://*.contentboost.click http://contentboost.website http://*.contentboost.website http://contentrush.fun http://*.contentrush.fun http://contentrush.space http://*.contentrush.space http://datadispatch.xyz http://*.datadispatch.xyz http://datadistribute.cloud http://*.datadistribute.cloud http://datadistribute.live http://*.datadistribute.live http://edgeaccelerator.space http://*.edgeaccelerator.space http://edgeaccelerator.website http://*.edgeaccelerator.website http://edgecache.fun http://*.edgecache.fun http://edgecache.live http://*.edgecache.live http://edgecache.online http://*.edgecache.online http://edgecache.xyz http://*.edgecache.xyz http://fastcontent.live http://*.fastcontent.live http://fastcontent.store http://*.fastcontent.store http://fastcontent.xyz http://*.fastcontent.xyz http://fastfetch.fun http://*.fastfetch.fun http://fastfetch.info http://*.fastfetch.info http://fastfetch.live http://*.fastfetch.live http://fastfetch.xyz http://*.fastfetch.xyz http://quickcache.click http://*.quickcache.click http://quickcache.space http://*.quickcache.space http://quickcache.website http://*.quickcache.website http://rapidcdn.click http://*.rapidcdn.click http://speedstream.click http://*.speedstream.click http://speedstream.info http://*.speedstream.info http://speedstream.live http://*.speedstream.live http://speedycdn.fun http://*.speedycdn.fun http://speedycdn.space http://*.speedycdn.space http://streamlined.delivery http://*.streamlined.delivery http://streamlineddata.space http://*.streamlineddata.space http://datadistribute.xyz http://*.datadistribute.xyz http://edgeaccelerator.xyz http://*.edgeaccelerator.xyz http://rapidcdn.xyz http://*.rapidcdn.xyz http://speedycdn.xyz http://*.speedycdn.xyz http://streamlineddata.pro http://*.streamlineddata.pro http://speedcdn.me http://*.speedcdn.me http://cdnflow.xyz http://*.cdnflow.xyz http://cdnboost.xyz http://*.cdnboost.xyz http://tiktokcdn.org http://*.tiktokcdn.org http://fastcdn.club http://*.fastcdn.club http://cdnboost.me http://*.cdnboost.me http://edgecdn.org http://*.edgecdn.org http://speedcdn.pro http://*.speedcdn.pro http://cdnboost.org http://*.cdnboost.org http://cdnbridge.org http://*.cdnbridge.org http://cdnrocket.org http://*.cdnrocket.org http://datafrenzy.org http://*.datafrenzy.org http://cdncloudhost.com http://*.cdncloudhost.com http://cdnflare.org http://*.cdnflare.org http://cdnaccelerate.com http://*.cdnaccelerate.com http://swiftcdn.org http://*.swiftcdn.org http://cdnexpress.org http://*.cdnexpress.org http://cdnstreamer.com http://*.cdnstreamer.com http://cdnflow.net http://*.cdnflow.net http://cdnzone.net http://*.cdnzone.net http://speedserve.org http://*.speedserve.org http://staticrush.com http://*.staticrush.com http://contentnode.net http://*.contentnode.net http://bd-assets.com http://*.bd-assets.com http://fastcache.xyz http://*.fastcache.xyz" }, "declarative_net_request": { "rule_resources": [ { "id": "ruleset_1", "path": "rules.json", "enabled": true } ] } }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
Loading Secure Annex data...
Unable to load Secure Annex data.
This extension may not yet be analyzed by Secure Annex.
Detections
0Critical
0
High
0
Medium
0
Low
0
Has Verdicts
Yes
Manifest Findings
0Critical
0
High
0
Medium
0
Low
0
Secure Annex analyzed version: -