Browsec VPN - Free VPN for Chrome
Version 3.92.10 View in Chrome Web Store
Last scanned: 21 days ago
| force re-scan
Extension Details
Developer:
https://browsec.com/
Rating:
4.4 ★
(35.6K ratings)
Users:
7,000,000
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
HIGH
Overall Risk
Trust Factors:
Browsec VPN has strong trust indicators with 7 million users, a solid 4.4-star rating from 35,600+ reviews, and is developed by an established VPN company. The high user adoption and positive ratings suggest legitimate functionality and user satisfaction. The company operates a known VPN service with a clear business model.
Concerns:
The extension's extensive permission set raises significant privacy concerns. The proxy, webRequest, and broad host permissions are necessary for VPN functionality but create substantial attack surface. The Content Security Policy reveals connections to numerous suspicious domains with generic names like "datafrenzy.org," "rapidcdn.click," and "speedycdn.fun" that appear unrelated to legitimate VPN operations. These domains could indicate ad injection, tracking, or other monetization schemes. The combination of all-sites access with web request interception means this extension can monitor and potentially modify all browsing activity. The scripting permission allows code injection across all websites.
Recommendations:
Consider using the official Browsec desktop application instead of the browser extension for better security isolation. If using the extension, run it in a dedicated Chrome profile separate from sensitive browsing activities like banking or work. Regularly review your browsing behavior for unexpected ads or redirects. Monitor network traffic for connections to suspicious domains. Consider premium VPN services with stronger privacy commitments if privacy is a primary concern.
Findings
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
HIGH
High-Risk Permission: proxy
This extension has the proxy permission. Can control proxy settings. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: webRequest
This extension has the webRequest permission. Can intercept and modify web requests. This could potentially be used maliciously to compromise security or privacy.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
Security Analysis Details
Required Permissions:
- proxy
- storage
- webRequest
- alarms
- background
- browsingData
- declarativeNetRequest
- scripting
- webRequestAuthProvider
Optional Permissions:
- management
- privacy
- tabs
Host Permissions:
- <all_urls>
Content Security Policy:
- extension_pages: default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*.google.com https://*.gstatic.com chrome:; font-src 'self'; object-src 'none'; connect-src 'self' https: http://detectportal.firefox.com http://*/api/test http://connectivitycheck.android.com http://example.com http://*.webstat.me http://*.webstat.me/* http://www.root-servers.org http://prmsrvs.com http://*.prmsrvs.com http://trafcfy.com http://*.trafcfy.com http://prmdom.com http://*.prmdom.com http://frmdom.com http://*.frmdom.com http://static-fn.com http://*.static-fn.com http://fn-cdn.com http://*.fn-cdn.com http://bd-assets.com http://*.bd-assets.com http://cdnflow.net http://*.cdnflow.net http://promptmesh.net http://*.promptmesh.net http://contentnode.net http://*.contentnode.net http://swiftcdn.org http://*.swiftcdn.org http://rapidwebserve.com http://*.rapidwebserve.com http://datafrenzy.org http://*.datafrenzy.org http://fastcache.xyz http://*.fastcache.xyz http://quickedgecdn.com http://*.quickedgecdn.com http://cacheflow.cloud http://*.cacheflow.cloud http://cacheflow.live http://*.cacheflow.live http://cacheflow.pro http://*.cacheflow.pro http://cachequick.info http://*.cachequick.info http://cachequick.live http://*.cachequick.live http://cachequick.pro http://*.cachequick.pro http://cachequick.xyz http://*.cachequick.xyz http://cdnaccelerate.site http://*.cdnaccelerate.site http://cdnaccelerate.space http://*.cdnaccelerate.space http://cdnaccelerate.xyz http://*.cdnaccelerate.xyz http://cdnexpress.art http://*.cdnexpress.art http://cdnexpress.live http://*.cdnexpress.live http://cdnnetwork.fun http://*.cdnnetwork.fun http://cdnnetwork.live http://*.cdnnetwork.live http://cdnnetwork.xyz http://*.cdnnetwork.xyz http://contentboost.click http://*.contentboost.click http://contentboost.website http://*.contentboost.website http://contentrush.fun http://*.contentrush.fun http://contentrush.space http://*.contentrush.space http://datadispatch.xyz http://*.datadispatch.xyz http://datadistribute.cloud http://*.datadistribute.cloud http://datadistribute.live http://*.datadistribute.live http://edgeaccelerator.space http://*.edgeaccelerator.space http://edgeaccelerator.website http://*.edgeaccelerator.website http://edgecache.fun http://*.edgecache.fun http://edgecache.live http://*.edgecache.live http://edgecache.online http://*.edgecache.online http://edgecache.xyz http://*.edgecache.xyz http://fastcontent.live http://*.fastcontent.live http://fastcontent.store http://*.fastcontent.store http://fastcontent.xyz http://*.fastcontent.xyz http://fastfetch.fun http://*.fastfetch.fun http://fastfetch.info http://*.fastfetch.info http://fastfetch.live http://*.fastfetch.live http://fastfetch.xyz http://*.fastfetch.xyz http://quickcache.click http://*.quickcache.click http://quickcache.space http://*.quickcache.space http://quickcache.website http://*.quickcache.website http://rapidcdn.click http://*.rapidcdn.click http://speedstream.click http://*.speedstream.click http://speedstream.info http://*.speedstream.info http://speedstream.live http://*.speedstream.live http://speedycdn.fun http://*.speedycdn.fun http://speedycdn.space http://*.speedycdn.space http://streamlined.delivery http://*.streamlined.delivery http://streamlineddata.space http://*.streamlineddata.space http://datadistribute.xyz http://*.datadistribute.xyz http://edgeaccelerator.xyz http://*.edgeaccelerator.xyz http://rapidcdn.xyz http://*.rapidcdn.xyz http://speedycdn.xyz http://*.speedycdn.xyz http://streamlineddata.pro http://*.streamlineddata.pro http://speedcdn.me http://*.speedcdn.me http://cdnflow.xyz http://*.cdnflow.xyz http://cdnboost.xyz http://*.cdnboost.xyz http://tiktokcdn.org http://*.tiktokcdn.org http://fastcdn.club http://*.fastcdn.club http://cdnboost.me http://*.cdnboost.me http://edgecdn.org http://*.edgecdn.org http://speedcdn.pro http://*.speedcdn.pro http://cdnboost.org http://*.cdnboost.org http://cdnbridge.org http://*.cdnbridge.org http://cdnrocket.org http://*.cdnrocket.org http://datafrenzy.org http://*.datafrenzy.org http://cdncloudhost.com http://*.cdncloudhost.com http://cdnflare.org http://*.cdnflare.org http://cdnaccelerate.com http://*.cdnaccelerate.com http://swiftcdn.org http://*.swiftcdn.org http://cdnexpress.org http://*.cdnexpress.org http://cdnstreamer.com http://*.cdnstreamer.com http://cdnflow.net http://*.cdnflow.net http://cdnzone.net http://*.cdnzone.net http://speedserve.org http://*.speedserve.org http://staticrush.com http://*.staticrush.com http://contentnode.net http://*.contentnode.net http://bd-assets.com http://*.bd-assets.com http://fastcache.xyz http://*.fastcache.xyz
Embedded URLs (151 total):
| https://lodash.com/ | https://openjsf.org/ | |
| https://lodash.com/license | http://underscorejs.org/LICENSE | |
| https://browsec.com | https://gist.githubusercontent.com/brwinfo/0d4c6d2ebbe6fd716a43f0ac9d37ce22/raw | |
| https://gist.githubusercontent.com/brwinfo/ef7f684e524d01137b84313a60e1ed01/raw/ | https://www.google-analytics.com/mp/collect?measurement_id= | |
| https://www.google-analytics.com/g/collect | https://redux.js.org/Errors?code= | |
| https://detectportal.firefox.com/success.txt | https://npms.io/search?q=ponyfill. | |
| https://d3i5gqankjg0sg.cloudfront.net/ | https://a703.l461.r761.fastcloudcdn.net/api/ | |
| https://ca901.l503.r843.fastcloudcdn.net/ | https://clients2.google.com/service/update2/crx | |
| https://browsec.com/ | http://detectportal.firefox.com | |
| http://connectivitycheck.android.com | http://example.com | |
| http://www.root-servers.org | http://prmsrvs.com | |
| http://trafcfy.com | http://prmdom.com | |
| http://frmdom.com | http://static-fn.com | |
| http://fn-cdn.com | http://bd-assets.com | |
| http://cdnflow.net | http://promptmesh.net | |
| http://contentnode.net | http://swiftcdn.org | |
| http://rapidwebserve.com | http://datafrenzy.org | |
| http://fastcache.xyz | http://quickedgecdn.com | |
| http://cacheflow.cloud | http://cacheflow.live | |
| http://cacheflow.pro | http://cachequick.info | |
| http://cachequick.live | http://cachequick.pro | |
| http://cachequick.xyz | http://cdnaccelerate.site | |
| http://cdnaccelerate.space | http://cdnaccelerate.xyz | |
| http://cdnexpress.art | http://cdnexpress.live | |
| http://cdnnetwork.fun | http://cdnnetwork.live | |
| http://cdnnetwork.xyz | http://contentboost.click | |
| http://contentboost.website | http://contentrush.fun | |
| http://contentrush.space | http://datadispatch.xyz | |
| http://datadistribute.cloud | http://datadistribute.live | |
| http://edgeaccelerator.space | http://edgeaccelerator.website | |
| http://edgecache.fun | http://edgecache.live | |
| http://edgecache.online | http://edgecache.xyz | |
| http://fastcontent.live | http://fastcontent.store | |
| http://fastcontent.xyz | http://fastfetch.fun | |
| http://fastfetch.info | http://fastfetch.live | |
| http://fastfetch.xyz | http://quickcache.click | |
| http://quickcache.space | http://quickcache.website | |
| http://rapidcdn.click | http://speedstream.click | |
| http://speedstream.info | http://speedstream.live | |
| http://speedycdn.fun | http://speedycdn.space |
Page 1 of 2
Raw Manifest
{ "name": "__MSG_extension_name__", "icons": { "16": "images/icon16.png", "48": "images/icon48.png", "128": "images/icon128.png" }, "action": { "default_icon": { "16": "images/icons/16x16/disabled.png", "19": "images/icons/19x19/disabled.png", "24": "images/icons/24x24/disabled.png", "32": "images/icons/32x32/disabled.png", "38": "images/icons/38x38/disabled.png" }, "default_popup": "popup/popup.html", "default_title": "__MSG_browser_action_inactive_title__" }, "version": "3.92.10", "background": { "service_worker": "background.js" }, "short_name": "__MSG_esn__", "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_extension_description__", "permissions": [ "proxy", "storage", "webRequest", "alarms", "background", "browsingData", "declarativeNetRequest", "scripting", "webRequestAuthProvider" ], "homepage_url": "https://browsec.com/", "default_locale": "en", "content_scripts": [ { "js": [ "browsecSiteContentScript.js" ], "run_at": "document_start", "matches": [ "https://*/*" ] }, { "js": [ "timezoneChange.js" ], "run_at": "document_start", "matches": [ "http://*/*", "https://*/*" ] } ], "host_permissions": [ "<all_urls>" ], "manifest_version": 3, "optional_permissions": [ "management", "privacy", "tabs" ], "minimum_chrome_version": "108.0", "content_security_policy": { "extension_pages": "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*.google.com https://*.gstatic.com chrome:; font-src 'self'; object-src 'none'; connect-src 'self' https: http://detectportal.firefox.com http://*/api/test http://connectivitycheck.android.com http://example.com http://*.webstat.me http://*.webstat.me/* http://www.root-servers.org http://prmsrvs.com http://*.prmsrvs.com http://trafcfy.com http://*.trafcfy.com http://prmdom.com http://*.prmdom.com http://frmdom.com http://*.frmdom.com http://static-fn.com http://*.static-fn.com http://fn-cdn.com http://*.fn-cdn.com http://bd-assets.com http://*.bd-assets.com http://cdnflow.net http://*.cdnflow.net http://promptmesh.net http://*.promptmesh.net http://contentnode.net http://*.contentnode.net http://swiftcdn.org http://*.swiftcdn.org http://rapidwebserve.com http://*.rapidwebserve.com http://datafrenzy.org http://*.datafrenzy.org http://fastcache.xyz http://*.fastcache.xyz http://quickedgecdn.com http://*.quickedgecdn.com http://cacheflow.cloud http://*.cacheflow.cloud http://cacheflow.live http://*.cacheflow.live http://cacheflow.pro http://*.cacheflow.pro http://cachequick.info http://*.cachequick.info http://cachequick.live http://*.cachequick.live http://cachequick.pro http://*.cachequick.pro http://cachequick.xyz http://*.cachequick.xyz http://cdnaccelerate.site http://*.cdnaccelerate.site http://cdnaccelerate.space http://*.cdnaccelerate.space http://cdnaccelerate.xyz http://*.cdnaccelerate.xyz http://cdnexpress.art http://*.cdnexpress.art http://cdnexpress.live http://*.cdnexpress.live http://cdnnetwork.fun http://*.cdnnetwork.fun http://cdnnetwork.live http://*.cdnnetwork.live http://cdnnetwork.xyz http://*.cdnnetwork.xyz http://contentboost.click http://*.contentboost.click http://contentboost.website http://*.contentboost.website http://contentrush.fun http://*.contentrush.fun http://contentrush.space http://*.contentrush.space http://datadispatch.xyz http://*.datadispatch.xyz http://datadistribute.cloud http://*.datadistribute.cloud http://datadistribute.live http://*.datadistribute.live http://edgeaccelerator.space http://*.edgeaccelerator.space http://edgeaccelerator.website http://*.edgeaccelerator.website http://edgecache.fun http://*.edgecache.fun http://edgecache.live http://*.edgecache.live http://edgecache.online http://*.edgecache.online http://edgecache.xyz http://*.edgecache.xyz http://fastcontent.live http://*.fastcontent.live http://fastcontent.store http://*.fastcontent.store http://fastcontent.xyz http://*.fastcontent.xyz http://fastfetch.fun http://*.fastfetch.fun http://fastfetch.info http://*.fastfetch.info http://fastfetch.live http://*.fastfetch.live http://fastfetch.xyz http://*.fastfetch.xyz http://quickcache.click http://*.quickcache.click http://quickcache.space http://*.quickcache.space http://quickcache.website http://*.quickcache.website http://rapidcdn.click http://*.rapidcdn.click http://speedstream.click http://*.speedstream.click http://speedstream.info http://*.speedstream.info http://speedstream.live http://*.speedstream.live http://speedycdn.fun http://*.speedycdn.fun http://speedycdn.space http://*.speedycdn.space http://streamlined.delivery http://*.streamlined.delivery http://streamlineddata.space http://*.streamlineddata.space http://datadistribute.xyz http://*.datadistribute.xyz http://edgeaccelerator.xyz http://*.edgeaccelerator.xyz http://rapidcdn.xyz http://*.rapidcdn.xyz http://speedycdn.xyz http://*.speedycdn.xyz http://streamlineddata.pro http://*.streamlineddata.pro http://speedcdn.me http://*.speedcdn.me http://cdnflow.xyz http://*.cdnflow.xyz http://cdnboost.xyz http://*.cdnboost.xyz http://tiktokcdn.org http://*.tiktokcdn.org http://fastcdn.club http://*.fastcdn.club http://cdnboost.me http://*.cdnboost.me http://edgecdn.org http://*.edgecdn.org http://speedcdn.pro http://*.speedcdn.pro http://cdnboost.org http://*.cdnboost.org http://cdnbridge.org http://*.cdnbridge.org http://cdnrocket.org http://*.cdnrocket.org http://datafrenzy.org http://*.datafrenzy.org http://cdncloudhost.com http://*.cdncloudhost.com http://cdnflare.org http://*.cdnflare.org http://cdnaccelerate.com http://*.cdnaccelerate.com http://swiftcdn.org http://*.swiftcdn.org http://cdnexpress.org http://*.cdnexpress.org http://cdnstreamer.com http://*.cdnstreamer.com http://cdnflow.net http://*.cdnflow.net http://cdnzone.net http://*.cdnzone.net http://speedserve.org http://*.speedserve.org http://staticrush.com http://*.staticrush.com http://contentnode.net http://*.contentnode.net http://bd-assets.com http://*.bd-assets.com http://fastcache.xyz http://*.fastcache.xyz" }, "declarative_net_request": { "rule_resources": [ { "id": "ruleset_1", "path": "rules.json", "enabled": true } ] } }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
Loading Secure Annex data...
Unable to load Secure Annex data.
This extension may not yet be analyzed by Secure Annex.
Detections
0Critical
0
High
0
Medium
0
Low
0
Has Verdicts
Yes
Manifest Findings
0Critical
0
High
0
Medium
0
Low
0
Secure Annex analyzed version: -