UiPath Browser Automation 26.10
Version 26.10.1 View in Chrome Web Store
Extension Details
Context-Aware Verdict
UiPath is a legitimate and well-known robotic process automation (RPA) company with a strong enterprise reputation. The extension has 400,000 users, indicating widespread adoption in business environments. However, the extremely low rating of 2.0 stars from only 9 reviews is concerning and suggests significant user dissatisfaction or functionality issues.
The extensive permission set is appropriate for browser automation but creates substantial security exposure. The management permission allows control over other extensions, while debugger access enables deep system manipulation. The combination of webRequest interception, cookie access, and broad host permissions creates a powerful surveillance capability. The scripting permission with all-URL access means this extension can execute code on any website you visit. The low user rating despite high download numbers suggests potential reliability or privacy issues that users have encountered.
Given the critical risk level, install this extension only in a dedicated Chrome profile used exclusively for UiPath automation tasks. Never use this profile for personal browsing, banking, or accessing sensitive websites. Regularly audit what automation scripts are running and ensure they come from trusted sources within your organization. Consider using enterprise Chrome policies to restrict this extension's usage to specific domains if possible. Monitor network traffic when the extension is active to detect any unexpected data transmission. Only install if you have a legitimate business need for UiPath browser automation.
Findings
Security Analysis Details
Required Permissions:
- management
- nativeMessaging
- tabs
- webNavigation
- debugger
- cookies
- scripting
- webRequest
- downloads
Host Permissions:
- <all_urls>
Content Security Policy:
- extension_pages: script-src 'self'; object-src 'self'
Embedded URLs (7 total):
| https://github.com/webpack/webpack | http://www.google.com | |
| https://github.com/microsoft/tslib | https://www.uipath.com/legal/trust-and-security/legal-terms. | |
| https://clients2.google.com/service/update2/crx | http://www.w3.org/1999/xhtml | |
| http://www.w3.org/2000/svg |
Raw Manifest
{ "name": "UiPath Browser Automation 26.10", "icons": { "16": "uiPath16.png", "32": "uiPath32.png", "48": "uiPath48.png", "128": "uiPath128.png" }, "action": { "default_popup": "" }, "version": "26.10.1", "background": { "service_worker": "BackgroundServiceWorker.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Expands your browser automation capabilities from Studio desktop.", "permissions": [ "management", "nativeMessaging", "tabs", "webNavigation", "debugger", "cookies", "scripting", "webRequest", "downloads" ], "default_locale": "en", "content_scripts": [ { "js": [ "ContentMain.js" ], "run_at": "document_start", "matches": [ "http://*/*", "https://*/*", "file://*/*" ], "all_frames": true, "match_about_blank": true, "match_origin_as_fallback": true } ], "host_permissions": [ "<all_urls>" ], "manifest_version": 3, "externally_connectable": { "matches": [ "*://*.uipath.com/*" ] }, "content_security_policy": { "extension_pages": "script-src 'self'; object-src 'self'" } }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.