[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

GigWiz

Version 1.0 View in Chrome Web Store

Last scanned: about 6 hours ago

Extension Details

Rating: 5.0 ★

Users: 2

Context-Aware Verdict

CRITICAL

Overall Risk

Trust Factors:

The extension shows several concerning trust indicators. With only 2 users and a perfect 5.0 rating (likely from minimal reviews), there's insufficient user validation. The lack of developer information, company details, and last updated date raises significant transparency concerns. The extension appears to be newly published or abandoned, making it difficult to assess the developer's credibility or ongoing support.

Concerns:

The permission set is extremely broad and concerning for an extension with such limited adoption. The combination of tabs, clipboardWrite, and nativeMessaging permissions creates a powerful attack surface. The tabs permission allows comprehensive browser monitoring and manipulation, while clipboardWrite enables modification of sensitive clipboard data like passwords or personal information. The nativeMessaging permission is particularly alarming as it allows communication with native applications on your system, potentially bypassing browser security boundaries. The scripting permission combined with these others could enable sophisticated data exfiltration or system compromise.

Recommendations:

Do not install this extension. The risk-to-benefit ratio is unacceptable given the minimal user base, lack of transparency, and excessive permissions. If you must evaluate it, use a completely isolated Chrome profile on a virtual machine with no sensitive data. Consider reporting this extension to Google for review due to the suspicious permission combination and lack of developer transparency.

Findings

HIGH

High-Risk Permission: clipboardWrite

This extension has the clipboardWrite permission. Can modify clipboard content. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Medium-Risk Permission: contextMenus

This extension has the contextMenus permission. Can add items to the context menu.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Raw Manifest

{
  "name": "GigWiz",
  "icons": {
    "128": "rounded-logo-gigwiz.png"
  },
  "action": {
    "default_icon": "rounded-logo-gigwiz.png",
    "default_popup": "index.html"
  },
  "version": "1.0",
  "background": {
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Unlock the Power of Persuasion with AI-Driven Proposals",
  "permissions": [
    "contextMenus",
    "tabs",
    "clipboardWrite",
    "activeTab",
    "scripting",
    "storage",
    "nativeMessaging"
  ],
  "manifest_version": 3
}

by ✦ Astarte

http://127.0.0.1:5002/api	https://scgkeddghi.execute-api.sa-east-1.amazonaws.com/production/api
https://www.gigwiz.xyz/home	https://clients2.google.com/service/update2/crx

GigWiz

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Embedded URLs (4 total):

Raw Manifest

Detections

Manifest Findings