Sound Booster - increase volume up

Version 1.0.10 View in Chrome Web Store

Last scanned: about 1 month ago | force re-scan

Extension Details

Developer: https://sound-ultimate.com/

Rating: 4.5 ★ (9.7K ratings)

Users: 2,000,000

Context-Aware Verdict

HIGH

Risk Level

Trust Factors:

The extension has a substantial user base of 2 million users and a solid 4.5-star rating from nearly 10,000 reviews, which suggests legitimate functionality and user satisfaction. The developer maintains a dedicated website (sound-ultimate.com) which adds some credibility. However, the high user count alone doesn't guarantee safety, as malicious extensions can accumulate users before being detected.

Concerns:

The extension's permissions are excessive for a simple volume booster. The combination of tabs permission, tabCapture, and broad host permissions (<all_urls>) creates significant privacy and security risks. A legitimate volume booster should only need audio-related permissions, not the ability to access all websites, capture tab content, or manipulate browser tabs. The content script injection across all URLs is particularly concerning as it could be used to steal credentials, modify web pages, or track browsing behavior across all sites you visit.

Recommendations:

Consider running this extension in a separate Chrome profile to isolate potential risks from your main browsing activities. Look for alternative volume booster extensions with more limited permissions that only request audio-related access. If you must use this extension, regularly monitor your browser for unusual behavior and avoid using it while accessing sensitive websites like banking or email services. Review the extension's actual functionality to ensure it matches its stated purpose.

Security Analysis

HIGH

Overall Risk

Based on 4 total findings, ranked without considering overall context, including 3 high-risk and 1 medium-risk findings.

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Raw Manifest

{
  "name": "__MSG_app_name__",
  "icons": {
    "16": "icons/icon-logo.png",
    "32": "icons/icon-logo.png",
    "48": "icons/icon-logo.png",
    "128": "icons/icon-logo.png"
  },
  "action": {
    "default_icon": {
      "19": "icons/icon-logo.png",
      "38": "icons/icon-logo.png"
    },
    "default_title": "__MSG_app_name__"
  },
  "version": "1.0.10",
  "background": {
    "service_worker": "js/service_worker.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "__MSG_app_description__",
  "permissions": [
    "tabs",
    "tabCapture",
    "storage",
    "system.display"
  ],
  "default_locale": "en",
  "content_scripts": [
    {
      "js": [
        "js/libs/jquery.min.js",
        "js/content.js"
      ],
      "css": [
        "css/content.css"
      ],
      "run_at": "document_idle",
      "matches": [
        "<all_urls>"
      ]
    }
  ],
  "host_permissions": [
    "<all_urls>"
  ],
  "manifest_version": 3,
  "web_accessible_resources": [
    {
      "matches": [
        "<all_urls>"
      ],
      "resources": [
        "*.css"
      ]
    }
  ]
}

https://jquery.com/	https://sizzlejs.com/
https://jquery.org/license	https://js.foundation/
https://microsoftedge.microsoft.com/addons/detail/	https://chrome.google.com/webstore/detail/
https://clients2.google.com/service/update2/crx

Sound Booster - increase volume up

Extension Details

Context-Aware Verdict

Security Analysis

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (7 total):

Raw Manifest

Secure Annex (beta)