Popup Blocker - Blocks annoying Popups

Version 1.17.5 View in Chrome Web Store

Last scanned: about 2 months ago | force re-scan

Extension Details

Developer: popupsblocker.org

Rating: 3.9 ★ (94 ratings)

Users: 90,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has a moderate user base of 90,000 users and a decent rating of 3.9 stars, suggesting some level of user satisfaction. However, the relatively low number of reviews (94) compared to the user count raises questions about user engagement. The developer domain "popupsblocker.org" appears purpose-built for this extension, but lacks established company credentials or transparency about the development team.

Concerns:

The extension requests extremely broad permissions that far exceed what's necessary for basic popup blocking. The combination of tabs permission, scripting capabilities, and <all_urls> access creates a powerful surveillance toolkit. Most legitimate popup blockers operate through declarativeNetRequest rules without requiring script injection into every website. The unlimitedStorage permission is particularly concerning as it could enable extensive data collection and storage. The broad content script injection capability means this extension can read all data on every website you visit, including passwords, personal information, and sensitive communications.

Recommendations:

Consider running this extension in a separate Chrome profile dedicated to non-sensitive browsing if you must use it. Better alternatives would be established popup blockers like uBlock Origin or built-in browser popup blocking features. If you continue using this extension, regularly review what data it might be collecting and consider your browsing habits while it's active. Monitor your system for unusual network activity or performance issues.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

MEDIUM

Medium-Risk Permission: unlimitedStorage

This extension has the unlimitedStorage permission. Can store unlimited data locally.

Raw Manifest

{
  "name": "__MSG_appName__",
  "icons": {
    "128": "128.png"
  },
  "version": "1.17.5",
  "background": {
    "service_worker": "serviceworker.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "__MSG_appDesc__",
  "permissions": [
    "tabs",
    "storage",
    "declarativeNetRequest",
    "declarativeNetRequestWithHostAccess",
    "unlimitedStorage",
    "alarms",
    "scripting"
  ],
  "default_locale": "en",
  "content_scripts": [
    {
      "js": [
        "content_script.js"
      ],
      "run_at": "document_start",
      "matches": [
        "<all_urls>"
      ],
      "all_frames": true
    }
  ],
  "host_permissions": [
    "<all_urls>"
  ],
  "manifest_version": 3,
  "content_security_policy": {
    "extension_pages": "script-src 'self'; object-src 'self'"
  },
  "web_accessible_resources": [
    {
      "matches": [
        "<all_urls>"
      ],
      "resources": [
        "web-accessible-resources/*",
        "close.html",
        "128.png"
      ],
      "use_dynamic_url": true
    }
  ]
}

by ✦ Astarte

Popup Blocker - Blocks annoying Popups

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Content Security Policy:

Embedded URLs (1 total):

Raw Manifest

Detections

Manifest Findings