[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

CthulhuJs (Anti-Fingerprint)

Version 8.1.0 View in Chrome Web Store

Last scanned: about 3 hours ago

Extension Details

Rating: 4.3 ★ (33 ratings)

Users: 2,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has a relatively small user base of only 2,000 users, which limits community validation. However, it maintains a decent rating of 4.3 stars from 33 reviews. The lack of visible developer information raises transparency concerns, making it difficult to assess the creator's reputation or track record. The anti-fingerprinting purpose suggests legitimate privacy protection goals, but this functionality inherently requires extensive permissions.

Concerns:

The extension requests extremely broad permissions that go well beyond typical anti-fingerprinting needs. The combination of tabs, webNavigation, and all_urls permissions creates a powerful surveillance capability that could track all browsing activity across every website. The storage permission allows persistent data collection, while scripting and declarativeNetRequest enable content modification. For an anti-fingerprinting tool, these permissions seem excessive and could facilitate data harvesting or malicious behavior. The small user base and missing developer information compound these technical risks.

Recommendations:

Given the high risk profile, install this extension only in a separate Chrome profile isolated from sensitive browsing activities. Regularly audit what data the extension might be collecting through Chrome's extension management settings. Consider well-established alternatives like uBlock Origin or Privacy Badger that offer similar fingerprinting protection with better transparency and larger user communities. If you must use this extension, avoid accessing sensitive websites while it's active and monitor your browsing performance for unusual behavior.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: webNavigation

This extension has the webNavigation permission. Can track your web navigation. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Medium-Risk Permission: notifications

This extension has the notifications permission. Can show notifications.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Security Analysis Details

Required Permissions:

storage
tabs
browsingData
activeTab
background
scripting
webNavigation
notifications
declarativeNetRequest

Host Permissions:

<all_urls>

Content Security Policy:

extension_pages: script-src 'self'; object-src 'self'; frame-src 'self'; child-src 'self';

Embedded URLs (30 total):

http://www.w3.org/2000/svg	https://ip-scan.browserscan.net/sys/config/ip/get-visitor-ip?type=ip-api
https://clients2.google.com/service/update2/crx	https://lxs2000.github.io/cthulhurs-doc/dist/zh/
https://www.browserscan.net	https://abrahamjuliot.github.io/creepjs/
https://pixelscan.net	https://amiunique.org/fingerprint
https://coveryourtracks.eff.org/	https://whoer.net/
https://browserleaks.com/	https://leaksradar.com/
https://nopecha.com/captcha/turnstile	https://nopecha.com/captcha/recaptcha
https://nopecha.com/demo/hcaptcha	https://nopecha.com/demo/awscaptcha
https://nopecha.com/demo/geetest	https://www.paypal.com/ncp/payment/DBRXFKAP2AL9C
https://vuejs.org/error-reference/#runtime-	http://www.w3.org/1998/Math/MathML
http://www.w3.org/1999/xlink	https://element-plus.org/en-US/component/button.html#button-attributes
https://element-plus.org/en-US/component/checkbox.html	https://element-plus.org/en-US/component/radio.html
https://github.com/vuejs/vue-next/pull/2485	https://element-plus.org/en-US/component/dialog.html#slots
https://element-plus.org/en-US/component/drawer.html#slots	https://element-plus.org/zh-CN/component/pagination.html
https://next.vuex.vuejs.org/	https://vuejs.org/images/icons/favicon-96x96.png

Raw Manifest

{
  "name": "CthulhuJs (Anti-Fingerprint)",
  "icons": {
    "16": "assets/logo.png",
    "32": "assets/logo.png",
    "48": "assets/logo.png",
    "128": "assets/logo.png"
  },
  "action": {
    "default_icon": "assets/logo.png",
    "default_popup": "index.html"
  },
  "version": "8.1.0",
  "background": {
    "service_worker": "background/background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Your browser, your rules — your digital fingerprint, in your control.",
  "permissions": [
    "storage",
    "tabs",
    "browsingData",
    "activeTab",
    "background",
    "scripting",
    "webNavigation",
    "notifications",
    "declarativeNetRequest"
  ],
  "homepage_url": "https://lxs2000.github.io/cthulhurs-doc/dist/zh/",
  "default_locale": "en",
  "content_scripts": [],
  "host_permissions": [
    "<all_urls>"
  ],
  "manifest_version": 3,
  "content_security_policy": {
    "extension_pages": "script-src 'self'; object-src 'self'; frame-src 'self'; child-src 'self';"
  },
  "web_accessible_resources": [
    {
      "matches": [
        "<all_urls>"
      ],
      "resources": [
        "img/*",
        "icon/*",
        "js/*"
      ]
    }
  ]
}

by ✦ Astarte

CthulhuJs (Anti-Fingerprint)

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Content Security Policy:

Embedded URLs (30 total):

Raw Manifest

Detections

Manifest Findings