Gun Blood

Version 2.3 View in Chrome Web Store

Last scanned: 2 days ago | force re-scan

Extension Details

Developer: http://brasukagames.com.br/

Rating: 3.8 ★ (16 ratings)

Context-Aware Verdict

MEDIUM

Overall Risk

Trust Factors:

The extension has a relatively low rating of 3.8 out of 5 stars with only 16 reviews, indicating limited user adoption and mixed satisfaction. The developer website (brasukagames.com.br) suggests this is a Brazilian gaming company, but the lack of detailed developer information and missing metrics like user count and last update date raise transparency concerns. The extension appears to be a game-related application based on the name "Gun Blood."

Concerns:

The webview permission is concerning for a game extension, as it allows embedding arbitrary web content within the extension environment. This creates potential security risks including cross-site scripting attacks, malicious content injection, and data exfiltration. For a simple game, this permission seems unnecessary and overly broad. The use of Manifest V2 indicates outdated security practices, as newer extensions should migrate to the more secure Manifest V3 framework. The combination of limited user base, unclear update status, and potentially excessive permissions creates additional risk factors.

Recommendations:

Consider running this extension in a separate Chrome profile to isolate potential security risks. Look for alternative game extensions with better security practices, higher ratings, and more transparent development. If you choose to keep it, regularly monitor your browser for unusual behavior and consider removing it if you notice performance issues or suspicious activity. Prioritize extensions that use Manifest V3 and have clear, minimal permission requirements.

Findings

MEDIUM

Medium-Risk Permission: webview

This extension has the webview permission. Can embed web content in the extension.

MEDIUM

Older Manifest Version

This extension uses Manifest Version 2, which has fewer security restrictions than Manifest V3. Consider using extensions that have upgraded to V3.

Raw Manifest

{
  "app": {
    "background": {
      "scripts": [
        "config.js",
        "main.js"
      ]
    }
  },
  "name": "__MSG_application_title__",
  "icons": {
    "16": "icon_16.png",
    "128": "icon_128.png"
  },
  "version": "2.3",
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "__MSG_application_description__",
  "permissions": [
    "webview"
  ],
  "default_locale": "en",
  "manifest_version": 2,
  "minimum_chrome_version": "24.0.1307.0"
}

by ✦ Astarte

https://clients2.google.com/service/update2/crx	http://brazucagames.com.br/app-chrome/?play=gun-blood
http://brazucagames.com.br/app-chrome/?play=gun-blood&j	http://developer.chrome.com/apps/app.runtime.html
http://developer.chrome.com/apps/app.window.html

Gun Blood

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Embedded URLs (5 total):

Raw Manifest

Detections

Manifest Findings