Starting analysis...
Amazon Price Tracker
Version 1.1 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has a very small user base of only 661 users, which limits community validation. While it maintains a decent 4.5-star rating, this is based on only 8 reviews, making it statistically insignificant. The lack of developer information and company details raises transparency concerns. The extension targets a legitimate use case (Amazon price tracking) but operates with minimal oversight.
The most significant red flag is the broad host permissions (*://*/*) which grants access to all websites, far exceeding what's necessary for Amazon price tracking. The tabs permission allows manipulation of browser tabs and access to sensitive tab information. While the content scripts are appropriately scoped to Amazon domains, the overly broad host permissions create unnecessary attack surface. The combination of storage, notifications, and extensive web access could enable data collection beyond the stated purpose.
Given the high risk profile, consider running this extension in a separate Chrome profile to isolate potential security impacts. The broad permissions are disproportionate to the functionality - a legitimate Amazon price tracker should only need access to Amazon domains. Look for alternative extensions with more restrictive permissions and larger user bases. If you must use this extension, regularly review your stored data and be cautious about sensitive browsing while it's active. Consider disabling it when not actively price tracking on Amazon.
Findings
Security Analysis Details
Required Permissions:
- storage
- notifications
- activeTab
- offscreen
- tabs
Host Permissions:
- *://*/*
Embedded URLs (9 total):
| https://chromestore.tilda.ws/amazonpricetrackeruninstall | https://chromestore.tilda.ws/amazonpricetrackerwelcome | |
| https://clients2.google.com/service/update2/crx | http://127.0.0.1: | |
| https://unpkg.com/ionicons@4.5.10-0/dist/css/ionicons.min.css | https://www.amazon.com/ | |
| https://chromewebstore.google.com/detail/ibfooemeaglbjclkdjpbjbbakpgmjmog/reviews | https://forms.gle/CD4NJYUNXewE3EtD8 | |
| https://cdnjs.cloudflare.com/ajax/libs/ionicons/4.5.10-0/css/ionicons.min.css |
Raw Manifest
{ "name": "__MSG_appName__", "icons": { "32": "icons/icon32.png", "48": "icons/icon48.png", "128": "icons/icon128.png" }, "action": { "default_icon": { "32": "icons/icon32.png" }, "default_popup": "popup.html" }, "version": "1.1", "background": { "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_shortDesc__", "permissions": [ "storage", "notifications", "activeTab", "offscreen", "tabs" ], "default_locale": "en", "content_scripts": [ { "js": [ "content.js" ], "matches": [ "*://*.amazon.com/*", "*://*.amazon.ca/*", "*://*.amazon.com.mx/*", "*://*.amazon.com.br/*", "*://*.amazon.co.uk/*", "*://*.amazon.de/*", "*://*.amazon.fr/*", "*://*.amazon.it/*", "*://*.amazon.es/*", "*://*.amazon.nl/*", "*://*.amazon.se/*", "*://*.amazon.pl/*", "*://*.amazon.com.tr/*", "*://*.amazon.ae/*", "*://*.amazon.sa/*", "*://*.amazon.eg/*", "*://*.amazon.in/*", "*://*.amazon.co.jp/*", "*://*.amazon.cn/*", "*://*.amazon.com.au/*", "*://*.amazon.sg/*", "*://*.amazon.com.be/*", "*://*.amazon.com.ar/*" ] } ], "host_permissions": [ "*://*/*" ], "manifest_version": 3 }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.