Extension Details
Rating:
4.6 ★
(213 ratings)
Users:
70,000
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
HIGH
Risk Level
Trust Factors:
- The extension has a relatively high number of users (70,000), which could indicate some level of trust and popularity.
- The rating of 4.6 out of 5 stars from 213 reviews suggests that many users find the extension useful and trustworthy.
- However, the lack of developer information or a reputable company behind the extension raises some concerns about its trustworthiness and accountability.
Concerns:
- The extension has a combination of highly permissive and potentially dangerous permissions, including webRequest, webRequestBlocking, <all_urls>, tabs, and the ability to inject content scripts into any website.
- These permissions could potentially be abused to intercept, modify, or block web traffic, access sensitive data, or compromise the security and privacy of users.
- The use of an older manifest version (v2) also raises some security concerns, as it has fewer restrictions than the newer Manifest V3.
Recommendations:
- Exercise extreme caution when using this extension, as it has a high risk of compromising your security and privacy.
- If you must use this extension, consider running it in a separate Chrome profile or a dedicated browser instance to isolate it from your main browsing activities.
- Regularly monitor the extension's behavior and check for any suspicious activities or unauthorized data access.
- Consider using alternative extensions with more transparent developer information and a better reputation for security and privacy practices.
- Keep your browser and extensions up-to-date to benefit from the latest security improvements and patches.
Security Analysis
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
CRITICAL
Overall Risk
Based on 7 total findings, ranked without considering overall context, including 6 high-risk and 1 medium-risk findings.
HIGH
Broad Content Script Injection
This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.
HIGH
Dangerous Permission Combination: webRequest + webRequestBlocking
This extension can intercept, modify, and block web requests in real-time. This combination could be used to modify sensitive web traffic or steal data.
HIGH
High-Risk Permission: <all_urls>
This extension has the <all_urls> permission. Can access all websites and their content. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: tabs
This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: webRequest
This extension has the webRequest permission. Can intercept and modify web requests. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: webRequestBlocking
This extension has the webRequestBlocking permission. Can block and modify web requests in real-time. This could potentially be used maliciously to compromise security or privacy.
MEDIUM
Older Manifest Version
This extension uses Manifest Version 2, which has fewer security restrictions than Manifest V3. Consider using extensions that have upgraded to V3.
Security Analysis Details
Required Permissions:
- webRequest
- webRequestBlocking
- <all_urls>
- tabs
Embedded URLs (32 total):
| http://www.w3.org/1999/xhtml | http://www.fontspring.com/blog/the-new-bulletproof-font-face-syntax | |
| http://www.w3.org/1998/Math/MathML | http://www.w3.org/2000/svg | |
| http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd | http://www.w3.org/TR/REC-html40/strict.dtd | |
| http://www.w3.org/TR/html4/strict.dtd | http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd | |
| http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd | http://www.w3.org/1999/xlink | |
| http://www.w3.org/XML/1998/namespace | http://www.w3.org/2000/xmlns/ | |
| http://jshint.com/doc/options/#nonbsp | https://clients2.google.com/service/update2/crx | |
| https://chrome.google.com/webstore/detail/resource-override/pkoacgokdfckfpndoffpifphamojphii | https://addons.mozilla.org/en-US/firefox/addon/resourceoverride/ | |
| https://developer.mozilla.org/en-US/docs/Web/API/WindowBase64/btoa#Unicode_Strings | http://stackoverflow.com/questions/15124995/how-to-wait-for-an-asynchronous-methods-callback-return-value | |
| https://proto.io/freebies/onoff/ | https://www.youtube.com/watch?v=62QIWAP9mMM | |
| http://www.example.com/ | http://www.example.com/some/path/info.txt | |
| https://www.something.com/example/in/path | https://www.example.org/some/other/path | |
| http://www.ex.com/neat.js | http://www.ex.com/js/ | |
| http://www.ex.com/ | http://other.local:8080/second_capture.js | |
| http://any.com | http://ex.com/ | |
| https://github.com/kylepaulsen/http-server | https://github.com/kylepaulsen/ResourceOverride |
Raw Manifest
{ "name": "Resource Override", "icons": { "16": "icons/icon-16x16.png", "48": "icons/icon-48x48.png", "128": "icons/icon-128x128.png" }, "version": "1.3.1", "background": { "page": "src/background/background.html" }, "options_ui": { "page": "src/ui/devtoolstab.html" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "An extension to help you gain full control of any website by redirecting traffic, replacing, editing, or inserting new content.", "permissions": [ "webRequest", "webRequestBlocking", "<all_urls>", "tabs" ], "devtools_page": "src/ui/devtools.html", "browser_action": { "default_icon": { "16": "icons/icon-16x16.png" } }, "content_scripts": [ { "js": [ "src/inject/scriptInjector.js" ], "run_at": "document_start", "matches": [ "*://*/*" ], "all_frames": true } ], "manifest_version": 2 }
Secure Annex (beta)
Coming soon...