Starting analysis...
Sound Booster - increase volume up
Version 1.0.11 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has a substantial user base of 2 million users and maintains a solid 4.5-star rating from over 13,000 reviews, suggesting legitimate functionality. The developer operates from a dedicated domain (sound-ultimate.com) which adds some credibility. However, the high user count alone doesn't guarantee safety, as malicious extensions can accumulate users before revealing harmful behavior.
The extension's permissions are excessive for a simple volume booster. The combination of tabs permission, broad host permissions (<all_urls>), and content script injection across all websites creates significant privacy and security risks. A legitimate volume booster should only need audio-related permissions, not the ability to access and manipulate content on every website you visit. The tabCapture permission, while potentially necessary for audio processing, combined with broad access permissions raises red flags about potential data collection or surveillance capabilities.
Consider running this extension in a separate Chrome profile to isolate it from your main browsing activities and sensitive accounts. Before installation, verify if your browser's built-in volume controls or system audio settings can meet your needs instead. If you must use this extension, regularly review its behavior and consider alternatives with more limited permissions. Monitor your system for unusual network activity or performance issues after installation.
Findings
Security Analysis Details
Required Permissions:
- tabs
- tabCapture
- storage
- system.display
- offscreen
Host Permissions:
- <all_urls>
Embedded URLs (9 total):
| http://www.w3.org/2000/svg | https://sizzlejs.com/ | |
| https://js.foundation/ | https://jquery.com/ | |
| https://jquery.org/license | https://microsoftedge.microsoft.com/addons/detail/ | |
| https://chrome.google.com/webstore/detail/ | https://sound-ultimate.com/feedback/feedback.html | |
| https://clients2.google.com/service/update2/crx |
Raw Manifest
{ "name": "__MSG_app_name__", "icons": { "16": "icons/icon-logo.png", "32": "icons/icon-logo.png", "48": "icons/icon-logo.png", "128": "icons/icon-logo.png" }, "action": { "default_icon": { "19": "icons/icon-logo.png", "38": "icons/icon-logo.png" }, "default_popup": "popup.html", "default_title": "__MSG_app_name__" }, "version": "1.0.11", "background": { "service_worker": "js/service_worker.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_app_description__", "permissions": [ "tabs", "tabCapture", "storage", "system.display", "offscreen" ], "default_locale": "en", "content_scripts": [ { "js": [ "js/libs/jquery.min.js", "js/content.js" ], "css": [ "css/content.css" ], "run_at": "document_idle", "matches": [ "<all_urls>" ] } ], "host_permissions": [ "<all_urls>" ], "manifest_version": 3, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "*.css" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.