Starting analysis...
Sound Booster - increase volume up
Version 1.0.11 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has a substantial user base of 2 million users and a solid 4.5-star rating from over 12,000 reviews, which suggests legitimate functionality and user satisfaction. The developer maintains a dedicated website (sound-ultimate.com), indicating some level of professionalism. However, the lack of visible last update information raises questions about ongoing maintenance and security updates.
The extension's permissions are excessive for a simple volume booster. The tabs permission combined with <all_urls> host permissions creates a concerning attack surface that far exceeds what's necessary for audio enhancement. The tabCapture permission, while relevant for audio processing, combined with broad content script injection capabilities means this extension can potentially access and manipulate any website you visit. The system.display permission adds another layer of system-level access that seems unnecessary for volume control.
Consider running this extension in a separate Chrome profile to isolate it from your main browsing activities and sensitive accounts. Before installation, verify that simpler volume control solutions (like OS-level audio settings or browser-specific volume controls) cannot meet your needs. If you must use this extension, regularly review your browser's security settings and consider disabling it when not actively needed. Monitor for any unusual browser behavior or unexpected network activity after installation.
Findings
Security Analysis Details
Required Permissions:
- tabs
- tabCapture
- storage
- system.display
- offscreen
Host Permissions:
- <all_urls>
Embedded URLs (9 total):
| http://www.w3.org/2000/svg | https://sizzlejs.com/ | |
| https://js.foundation/ | https://jquery.com/ | |
| https://jquery.org/license | https://microsoftedge.microsoft.com/addons/detail/ | |
| https://chrome.google.com/webstore/detail/ | https://sound-ultimate.com/feedback/feedback.html | |
| https://clients2.google.com/service/update2/crx |
Raw Manifest
{ "name": "__MSG_app_name__", "icons": { "16": "icons/icon-logo.png", "32": "icons/icon-logo.png", "48": "icons/icon-logo.png", "128": "icons/icon-logo.png" }, "action": { "default_icon": { "19": "icons/icon-logo.png", "38": "icons/icon-logo.png" }, "default_popup": "popup.html", "default_title": "__MSG_app_name__" }, "version": "1.0.11", "background": { "service_worker": "js/service_worker.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_app_description__", "permissions": [ "tabs", "tabCapture", "storage", "system.display", "offscreen" ], "default_locale": "en", "content_scripts": [ { "js": [ "js/libs/jquery.min.js", "js/content.js" ], "css": [ "css/content.css" ], "run_at": "document_idle", "matches": [ "<all_urls>" ] } ], "host_permissions": [ "<all_urls>" ], "manifest_version": 3, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "*.css" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.