Extension Details
Context-Aware Verdict
The extension has very limited trust indicators with only 1,000 users and just 3 ratings, despite a perfect 5.0 rating. The developer domain "getclearing.co" appears to be related to property management services, which aligns with the Airbnb and VRBO permissions. However, the small user base and limited review history make it difficult to establish strong trust.
The extension exhibits several major red flags that justify the critical risk rating. The combination of cookies, webRequest, and tabs permissions creates a powerful surveillance toolkit that could intercept, modify, and steal sensitive data across websites. The broad content script injection capability (*://*/*) allows the extension to run code on any website you visit, far beyond its stated purpose of working with vacation rental platforms. The webRequest permission is particularly concerning as it can intercept all network traffic, potentially capturing login credentials, payment information, and personal data. The extension's access to sensitive financial domains (Airbnb payments) combined with these broad permissions creates significant privacy and security risks.
Given the critical risk level, avoid installing this extension unless absolutely necessary for business purposes. If you must use it, run it in a completely separate Chrome profile isolated from your personal browsing and sensitive accounts. Regularly audit what data the extension might be collecting and consider alternative solutions with more limited permissions. Monitor your accounts for any suspicious activity if you choose to proceed.
Findings
Security Analysis Details
Required Permissions:
- alarms
- cookies
- storage
- activeTab
- tabs
- webRequest
Host Permissions:
- https://*.airbnb.com/*
- https://*.airbnb.ca/*
- https://airbnb-payments.s3.amazonaws.com/*
- https://*.vrbo.com/*
- https://cas.homeaway.com/auth/vrbo/login*
Embedded URLs (35 total):
| https://clients2.google.com/service/update2/crx | https://airbnb-payments.s3.amazonaws.com/ | |
| https://cas.homeaway.com/auth/vrbo/login | http://www.w3.org/2000/svg | |
| http://www.w3.org/1999/xlink | http://perfectionkills.com/detecting-event-support-without-browser-sniffing/ | |
| https://developer.mozilla.org/en-US/docs/Web/API/CSS/supports | https://gist.github.com/ebidel/3201b36f59f26525eb606663f7b487d0 | |
| http://izitoast.marcelodolce.com | https://www.jsdelivr.com/using-sri-with-dynamic-files | |
| https://github.com/apvarun/toastify-js | https://github.com/mholt/PapaParse | |
| https://fonts.googleapis.com/css?family=Inter | https://www.airbnb.com/resolutions | |
| https://www.airbnb.com/users/transaction_history/000000000/paid | https://app.getclearing.co/api/1.1/wf/chrome-clearing | |
| https://app.getclearing.co/api/1.1/wf/chrome-clearing-account-sync | https://app.getclearing.co/api/1.1/wf/vrbo-extension | |
| https://app.getclearing.co/api/1.1/wf/chrome-screenshot | https://app.getclearing.co/api/1.1/wf/get-airbnb-info | |
| https://app.getclearing.co/api/1.1/wf/process-resolution-payouts | https://www.airbnb.com | |
| https://www.vrbo.com/p/account-settings/ums/profile | https://www.vrbo.com/p/opr/payments/ | |
| https://www.vrbo.com/p/opr/api/refresh | https://api.breezeway.io/graphql | |
| https://hkdk.events/muvkfx3hx4e32z | https://api.breezeway.io/home/v2/?status=active | |
| https://hkdk.events/7xmmi7yyjkl5af | https://api.breezeway.io/task/v4/setting/template | |
| https://hkdk.events/bwj9t7bm0aj8wm | https://api.breezeway.io/task/v5/? | |
| https://api.breezeway.io/task/v5/ | https://hkdk.events/liqpu4ueq8fvi0 | |
| https://hkdk.events/ln92wk35nglm7g |
Raw Manifest
{ "name": "GetClearing", "icons": { "16": "assets/logo.png", "32": "assets/logo.png", "48": "assets/logo.png", "128": "assets/logo.png" }, "action": { "default_icon": "assets/logo.png", "default_popup": "popup/index.html" }, "version": "4.0.3", "background": { "service_worker": "background/index.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "This extension is used with GetClearing.co, a solution for property managers to track their cashflow and automate bookkeeping.", "permissions": [ "alarms", "cookies", "storage", "activeTab", "tabs", "webRequest" ], "content_scripts": [ { "js": [ "lib/toastify.js", "contents/airbnb.js" ], "css": [ "css/css.css" ], "matches": [ "https://*.airbnb.com/users/transaction_history*", "https://*.airbnb.ca/users/transaction_history*" ] }, { "js": [ "lib/izitoast.js", "lib/wcl.js", "contents/screener.js" ], "css": [ "lib/iziToast.css" ], "matches": [ "*://*/*" ] }, { "js": [ "lib/toastify.js", "contents/breezeway.js" ], "matches": [ "https://*.breezeway.io/*" ] } ], "host_permissions": [ "https://*.airbnb.com/*", "https://*.airbnb.ca/*", "https://airbnb-payments.s3.amazonaws.com/*", "https://*.vrbo.com/*", "https://cas.homeaway.com/auth/vrbo/login*" ], "manifest_version": 3 }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.