Starting analysis...
Cloaq - Location Guard & Locale Switcher
Version 1.2.2 View in Chrome Web Store
Last scanned: about 2 months ago
| force re-scan
Extension Details
Developer:
cloaq.org
Rating:
4.8 ★
(123 ratings)
Users:
40,000
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
HIGH
Risk Level
Trust Factors:
- The extension has a relatively high number of users (40,000), which suggests some level of trust and popularity.
- The developer's website (cloaq.org) appears to be a legitimate organization focused on privacy and security tools.
- The extension has a high rating (4.8/5) from 123 reviews, indicating general user satisfaction.
Concerns:
- The extension requests the "webNavigation" permission, which allows it to track and potentially intercept your web browsing activity. This raises privacy concerns and could potentially be exploited for malicious purposes.
- The "debugger" permission enables the extension to debug and manipulate other extensions or applications, which could be a security risk if the extension is compromised or has vulnerabilities.
- The "storage" permission, while relatively low-risk, allows the extension to store data locally, which could potentially include sensitive information.
Recommendations:
- Exercise caution when installing this extension, as it has access to sensitive browsing data and debugging capabilities.
- Consider running the extension in a separate browser profile or a sandboxed environment to isolate it from your main browsing activity.
- Regularly review the extension's permissions and behavior, and uninstall it if you notice any suspicious activity or privacy concerns.
- Keep the extension updated to the latest version to ensure any security vulnerabilities are patched.
- If you have concerns about the extension's privacy practices or potential risks, consider using alternative location-spoofing or locale-switching tools from reputable sources.
Security Analysis
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
Overall Risk
Based on 3 total findings, ranked without considering overall context, including 2 high-risk and 1 medium-risk findings.
HIGH
High-Risk Permission: debugger
This extension has the debugger permission. Can debug and manipulate other extensions/apps. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: webNavigation
This extension has the webNavigation permission. Can track your web navigation. This could potentially be used maliciously to compromise security or privacy.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
Security Analysis Details
Required Permissions:
- storage
- webNavigation
- debugger
Embedded URLs (8 total):
| https://tailwindcss.com | https://www.chromium.org/developers/how-tos/run-chromium-with-flags/ | |
| https://chromewebstore.google.com/detail/fcalilbnpkfikdppppppchmkdipibalb/reviews | https://github.com/www1z4rd/cloaq | |
| http://www.w3.org/2000/svg | https://chromewebstore.google.com/ | |
| http://ip-api.com/json?fields=status | https://clients2.google.com/service/update2/crx |
Raw Manifest
{ "name": "__MSG_extName__", "icons": { "128": "img/icon.png" }, "action": { "default_icon": { "128": "img/icon.png" }, "default_popup": "html/popup.html" }, "author": "Cloaq", "version": "1.2.2", "background": { "type": "module", "service_worker": "js/background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_extDesc__", "permissions": [ "storage", "webNavigation", "debugger" ], "options_page": "html/info.html", "default_locale": "en", "manifest_version": 3 }
Secure Annex (beta)
Coming soon...