Starting analysis...
Voice Remaker - Free AI Voice
Version 1.2.2 View in Chrome Web Store
Last scanned: about 2 months ago
| force re-scan
Extension Details
Rating:
4.1 ★
(109 ratings)
Users:
10,000
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
HIGH
Overall Risk
Trust Factors: The extension has a moderate user base of 10,000 users and a decent rating of 4.1 stars from 109 reviews, which suggests some level of user satisfaction. However, the lack of clear developer information and company details raises transparency concerns. The AI voice functionality described aligns with current technology trends, making it plausible but not necessarily trustworthy.
Concerns: The extension exhibits several red flags that justify the high-risk assessment. The combination of downloads permission with broad content script injection across all URLs creates significant security vulnerabilities. The tabs permission allows extensive browser manipulation beyond what's typically needed for voice processing. Most concerning is the ability to inject scripts into every website you visit, which could enable data theft, credential harvesting, or malicious content modification. The storage permission, while common, adds to the risk profile when combined with these other capabilities.
Recommendations: Given the high-risk nature, consider running this extension in a separate Chrome profile to isolate potential damage. Before installation, verify if the voice processing truly requires such broad permissions - legitimate AI voice tools often work through isolated interfaces rather than needing access to all websites. Consider alternative voice tools from established developers with clearer privacy policies. If you must use this extension, regularly monitor your download history and be cautious when visiting sensitive websites while it's active.
Findings
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
Broad Content Script Injection
This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.
HIGH
High-Risk Permission: downloads
This extension has the downloads permission. Can download files and access download history. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: tabs
This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.
MEDIUM
Medium-Risk Permission: activeTab
This extension has the activeTab permission. Can access the active tab when clicking the extension icon.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
Security Analysis Details
Required Permissions:
- storage
- downloads
- activeTab
- tabs
Content Security Policy:
- extension_pages: script-src 'self'; object-src 'self'
Embedded URLs (13 total):
| http://www.w3.org/2000/svg | https://vuejs.org/error-reference/#runtime- | |
| http://www.w3.org/1998/Math/MathML | http://www.w3.org/1999/xlink | |
| https://vchanger.ai/api/v1/ai-text-to-audio/audio | https://github.com/uuidjs/uuid#getrandomvalues-not-supported | |
| https://chromewebstore.google.com/detail/voice-remaker-free-ai-voi/pnlgifbohdiadfjllfmmjadcgofbnpoi/reviews | https://cdn.aivocal.io/aivocal/static/logo/logo.png | |
| https://docs.google.com/forms/d/e/1FAIpQLSetd7pvtYIof-ZihUC1Ltpz6-O2faZGn6q_XMVnp3ohYwxWYA/viewform?usp=header | https://discord.gg/Hz7W34mmep | |
| https://aivocal.io | https://clients2.google.com/service/update2/crx | |
| https://aivocal.io/ |
Raw Manifest
{ "name": "__MSG_extName__", "icons": { "16": "icons/16x16.png", "32": "icons/32x32.png", "48": "icons/48x48.png", "128": "icons/128x128.png" }, "action": { "default_icon": { "16": "icons/16x16.png", "32": "icons/32x32.png", "48": "icons/48x48.png", "128": "icons/128x128.png" }, "default_popup": "index.html", "default_title": "__MSG_extName__" }, "version": "1.2.2", "background": { "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_extDesc__", "permissions": [ "storage", "downloads", "activeTab", "tabs" ], "homepage_url": "https://aivocal.io/", "default_locale": "en", "content_scripts": [ { "js": [ "content-script.js" ], "css": [ "content-script.css" ], "matches": [ "<all_urls>" ] } ], "manifest_version": 3, "content_security_policy": { "extension_pages": "script-src 'self'; object-src 'self'" } }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
Loading Secure Annex data...
Unable to load Secure Annex data.
This extension may not yet be analyzed by Secure Annex.
Detections
0Critical
0
High
0
Medium
0
Low
0
Has Verdicts
Yes
Manifest Findings
0Critical
0
High
0
Medium
0
Low
0
Secure Annex analyzed version: -