Starting analysis...
Browsec VPN - Free VPN for Chrome
Version 3.92.12 View in Chrome Web Store
Last scanned: 8 days ago
| force re-scan
Extension Details
Developer:
browsec.com
Rating:
4.4 ★
(37.8K ratings)
Users:
7,000,000
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
HIGH
Overall Risk
Trust Factors:
The extension has strong user adoption with 7 million users and a solid 4.4-star rating from nearly 38,000 reviews, indicating general user satisfaction. The developer browsec.com appears to be an established VPN service provider. The high user count suggests the extension has been available for some time and has built a user base, which provides some credibility.
Concerns:
The extension's permission set is extremely powerful and concerning for a VPN service. The proxy permission is expected for VPN functionality, but the combination with webRequest creates significant privacy risks as it can intercept and potentially modify all web traffic. The broad host permissions allowing access to all websites amplifies these concerns. The extensive CSP policy listing numerous suspicious domains (many with generic names like "fastcache.xyz", "cdnflow.net") raises red flags about potential data collection or ad injection. The scripting permission combined with content scripts on all HTTP/HTTPS sites could enable code injection. The browsingData permission allows access to browsing history and other sensitive browser data.
Recommendations:
Consider using this extension in a separate Chrome profile to isolate potential risks from your main browsing activities. Regularly review what data the extension might be collecting through its privacy policy. Monitor your network traffic when the VPN is active to ensure it's not injecting unwanted content. Consider alternative VPN solutions with more transparent practices and fewer suspicious domain connections. Be cautious about entering sensitive information while the extension is active.
Findings
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
HIGH
High-Risk Permission: proxy
This extension has the proxy permission. Can control proxy settings. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: webRequest
This extension has the webRequest permission. Can intercept and modify web requests. This could potentially be used maliciously to compromise security or privacy.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
Security Analysis Details
Required Permissions:
- proxy
- storage
- webRequest
- alarms
- background
- browsingData
- declarativeNetRequest
- scripting
- webRequestAuthProvider
Optional Permissions:
- management
- privacy
- tabs
Host Permissions:
- <all_urls>
Content Security Policy:
- extension_pages: default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*.google.com https://*.gstatic.com chrome:; font-src 'self'; object-src 'none'; connect-src 'self' https: http://detectportal.firefox.com http://*/api/test http://connectivitycheck.android.com http://example.com http://*.webstat.me http://*.webstat.me/* http://www.root-servers.org http://prmsrvs.com http://*.prmsrvs.com http://trafcfy.com http://*.trafcfy.com http://prmdom.com http://*.prmdom.com http://frmdom.com http://*.frmdom.com http://static-fn.com http://*.static-fn.com http://fn-cdn.com http://*.fn-cdn.com http://bd-assets.com http://*.bd-assets.com http://cdnflow.net http://*.cdnflow.net http://promptmesh.net http://*.promptmesh.net http://contentnode.net http://*.contentnode.net http://swiftcdn.org http://*.swiftcdn.org http://rapidwebserve.com http://*.rapidwebserve.com http://datafrenzy.org http://*.datafrenzy.org http://fastcache.xyz http://*.fastcache.xyz http://quickedgecdn.com http://*.quickedgecdn.com http://cacheflow.cloud http://*.cacheflow.cloud http://cacheflow.live http://*.cacheflow.live http://cacheflow.pro http://*.cacheflow.pro http://cachequick.info http://*.cachequick.info http://cachequick.live http://*.cachequick.live http://cachequick.pro http://*.cachequick.pro http://cachequick.xyz http://*.cachequick.xyz http://cdnaccelerate.site http://*.cdnaccelerate.site http://cdnaccelerate.space http://*.cdnaccelerate.space http://cdnaccelerate.xyz http://*.cdnaccelerate.xyz http://cdnexpress.art http://*.cdnexpress.art http://cdnexpress.live http://*.cdnexpress.live http://cdnnetwork.fun http://*.cdnnetwork.fun http://cdnnetwork.live http://*.cdnnetwork.live http://cdnnetwork.xyz http://*.cdnnetwork.xyz http://contentboost.click http://*.contentboost.click http://contentboost.website http://*.contentboost.website http://contentrush.fun http://*.contentrush.fun http://contentrush.space http://*.contentrush.space http://datadispatch.xyz http://*.datadispatch.xyz http://datadistribute.cloud http://*.datadistribute.cloud http://datadistribute.live http://*.datadistribute.live http://edgeaccelerator.space http://*.edgeaccelerator.space http://edgeaccelerator.website http://*.edgeaccelerator.website http://edgecache.fun http://*.edgecache.fun http://edgecache.live http://*.edgecache.live http://edgecache.online http://*.edgecache.online http://edgecache.xyz http://*.edgecache.xyz http://fastcontent.live http://*.fastcontent.live http://fastcontent.store http://*.fastcontent.store http://fastcontent.xyz http://*.fastcontent.xyz http://fastfetch.fun http://*.fastfetch.fun http://fastfetch.info http://*.fastfetch.info http://fastfetch.live http://*.fastfetch.live http://fastfetch.xyz http://*.fastfetch.xyz http://quickcache.click http://*.quickcache.click http://quickcache.space http://*.quickcache.space http://quickcache.website http://*.quickcache.website http://rapidcdn.click http://*.rapidcdn.click http://speedstream.click http://*.speedstream.click http://speedstream.info http://*.speedstream.info http://speedstream.live http://*.speedstream.live http://speedycdn.fun http://*.speedycdn.fun http://speedycdn.space http://*.speedycdn.space http://streamlined.delivery http://*.streamlined.delivery http://streamlineddata.space http://*.streamlineddata.space http://datadistribute.xyz http://*.datadistribute.xyz http://edgeaccelerator.xyz http://*.edgeaccelerator.xyz http://rapidcdn.xyz http://*.rapidcdn.xyz http://speedycdn.xyz http://*.speedycdn.xyz http://streamlineddata.pro http://*.streamlineddata.pro http://speedcdn.me http://*.speedcdn.me http://cdnflow.xyz http://*.cdnflow.xyz http://cdnboost.xyz http://*.cdnboost.xyz http://tiktokcdn.org http://*.tiktokcdn.org http://fastcdn.club http://*.fastcdn.club http://cdnboost.me http://*.cdnboost.me http://edgecdn.org http://*.edgecdn.org http://speedcdn.pro http://*.speedcdn.pro http://cdnboost.org http://*.cdnboost.org http://cdnbridge.org http://*.cdnbridge.org http://cdnrocket.org http://*.cdnrocket.org http://datafrenzy.org http://*.datafrenzy.org http://cdncloudhost.com http://*.cdncloudhost.com http://cdnflare.org http://*.cdnflare.org http://cdnaccelerate.com http://*.cdnaccelerate.com http://swiftcdn.org http://*.swiftcdn.org http://cdnexpress.org http://*.cdnexpress.org http://cdnstreamer.com http://*.cdnstreamer.com http://cdnflow.net http://*.cdnflow.net http://cdnzone.net http://*.cdnzone.net http://speedserve.org http://*.speedserve.org http://staticrush.com http://*.staticrush.com http://contentnode.net http://*.contentnode.net http://bd-assets.com http://*.bd-assets.com http://fastcache.xyz http://*.fastcache.xyz
Embedded URLs (151 total):
| https://browsec.com | https://gist.githubusercontent.com/brwinfo/0d4c6d2ebbe6fd716a43f0ac9d37ce22/raw | |
| https://gist.githubusercontent.com/brwinfo/ef7f684e524d01137b84313a60e1ed01/raw/ | https://d3i5gqankjg0sg.cloudfront.net/ | |
| https://a703.l461.r761.fastcloudcdn.net/api/ | https://ca901.l503.r843.fastcloudcdn.net/ | |
| https://clients2.google.com/service/update2/crx | https://browsec.com/ | |
| http://detectportal.firefox.com | http://connectivitycheck.android.com | |
| http://example.com | http://www.root-servers.org | |
| http://prmsrvs.com | http://trafcfy.com | |
| http://prmdom.com | http://frmdom.com | |
| http://static-fn.com | http://fn-cdn.com | |
| http://bd-assets.com | http://cdnflow.net | |
| http://promptmesh.net | http://contentnode.net | |
| http://swiftcdn.org | http://rapidwebserve.com | |
| http://datafrenzy.org | http://fastcache.xyz | |
| http://quickedgecdn.com | http://cacheflow.cloud | |
| http://cacheflow.live | http://cacheflow.pro | |
| http://cachequick.info | http://cachequick.live | |
| http://cachequick.pro | http://cachequick.xyz | |
| http://cdnaccelerate.site | http://cdnaccelerate.space | |
| http://cdnaccelerate.xyz | http://cdnexpress.art | |
| http://cdnexpress.live | http://cdnnetwork.fun | |
| http://cdnnetwork.live | http://cdnnetwork.xyz | |
| http://contentboost.click | http://contentboost.website | |
| http://contentrush.fun | http://contentrush.space | |
| http://datadispatch.xyz | http://datadistribute.cloud | |
| http://datadistribute.live | http://edgeaccelerator.space | |
| http://edgeaccelerator.website | http://edgecache.fun | |
| http://edgecache.live | http://edgecache.online | |
| http://edgecache.xyz | http://fastcontent.live | |
| http://fastcontent.store | http://fastcontent.xyz | |
| http://fastfetch.fun | http://fastfetch.info | |
| http://fastfetch.live | http://fastfetch.xyz | |
| http://quickcache.click | http://quickcache.space | |
| http://quickcache.website | http://rapidcdn.click | |
| http://speedstream.click | http://speedstream.info | |
| http://speedstream.live | http://speedycdn.fun | |
| http://speedycdn.space | http://streamlined.delivery | |
| http://streamlineddata.space | http://datadistribute.xyz | |
| http://edgeaccelerator.xyz | http://rapidcdn.xyz | |
| http://speedycdn.xyz | http://streamlineddata.pro | |
| http://speedcdn.me | http://cdnflow.xyz |
Page 1 of 2
Raw Manifest
{ "name": "__MSG_extension_name__", "icons": { "16": "images/icon16.png", "48": "images/icon48.png", "128": "images/icon128.png" }, "action": { "default_icon": { "16": "images/icons/16x16/disabled.png", "19": "images/icons/19x19/disabled.png", "24": "images/icons/24x24/disabled.png", "32": "images/icons/32x32/disabled.png", "38": "images/icons/38x38/disabled.png" }, "default_popup": "popup/popup.html", "default_title": "__MSG_browser_action_inactive_title__" }, "version": "3.92.12", "background": { "service_worker": "background.js" }, "short_name": "__MSG_esn__", "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_extension_description__", "permissions": [ "proxy", "storage", "webRequest", "alarms", "background", "browsingData", "declarativeNetRequest", "scripting", "webRequestAuthProvider" ], "homepage_url": "https://browsec.com/", "default_locale": "en", "content_scripts": [ { "js": [ "browsecSiteContentScript.js" ], "run_at": "document_start", "matches": [ "https://*/*" ] }, { "js": [ "timezoneChange.js" ], "run_at": "document_start", "matches": [ "http://*/*", "https://*/*" ] } ], "host_permissions": [ "<all_urls>" ], "manifest_version": 3, "optional_permissions": [ "management", "privacy", "tabs" ], "minimum_chrome_version": "108.0", "content_security_policy": { "extension_pages": "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*.google.com https://*.gstatic.com chrome:; font-src 'self'; object-src 'none'; connect-src 'self' https: http://detectportal.firefox.com http://*/api/test http://connectivitycheck.android.com http://example.com http://*.webstat.me http://*.webstat.me/* http://www.root-servers.org http://prmsrvs.com http://*.prmsrvs.com http://trafcfy.com http://*.trafcfy.com http://prmdom.com http://*.prmdom.com http://frmdom.com http://*.frmdom.com http://static-fn.com http://*.static-fn.com http://fn-cdn.com http://*.fn-cdn.com http://bd-assets.com http://*.bd-assets.com http://cdnflow.net http://*.cdnflow.net http://promptmesh.net http://*.promptmesh.net http://contentnode.net http://*.contentnode.net http://swiftcdn.org http://*.swiftcdn.org http://rapidwebserve.com http://*.rapidwebserve.com http://datafrenzy.org http://*.datafrenzy.org http://fastcache.xyz http://*.fastcache.xyz http://quickedgecdn.com http://*.quickedgecdn.com http://cacheflow.cloud http://*.cacheflow.cloud http://cacheflow.live http://*.cacheflow.live http://cacheflow.pro http://*.cacheflow.pro http://cachequick.info http://*.cachequick.info http://cachequick.live http://*.cachequick.live http://cachequick.pro http://*.cachequick.pro http://cachequick.xyz http://*.cachequick.xyz http://cdnaccelerate.site http://*.cdnaccelerate.site http://cdnaccelerate.space http://*.cdnaccelerate.space http://cdnaccelerate.xyz http://*.cdnaccelerate.xyz http://cdnexpress.art http://*.cdnexpress.art http://cdnexpress.live http://*.cdnexpress.live http://cdnnetwork.fun http://*.cdnnetwork.fun http://cdnnetwork.live http://*.cdnnetwork.live http://cdnnetwork.xyz http://*.cdnnetwork.xyz http://contentboost.click http://*.contentboost.click http://contentboost.website http://*.contentboost.website http://contentrush.fun http://*.contentrush.fun http://contentrush.space http://*.contentrush.space http://datadispatch.xyz http://*.datadispatch.xyz http://datadistribute.cloud http://*.datadistribute.cloud http://datadistribute.live http://*.datadistribute.live http://edgeaccelerator.space http://*.edgeaccelerator.space http://edgeaccelerator.website http://*.edgeaccelerator.website http://edgecache.fun http://*.edgecache.fun http://edgecache.live http://*.edgecache.live http://edgecache.online http://*.edgecache.online http://edgecache.xyz http://*.edgecache.xyz http://fastcontent.live http://*.fastcontent.live http://fastcontent.store http://*.fastcontent.store http://fastcontent.xyz http://*.fastcontent.xyz http://fastfetch.fun http://*.fastfetch.fun http://fastfetch.info http://*.fastfetch.info http://fastfetch.live http://*.fastfetch.live http://fastfetch.xyz http://*.fastfetch.xyz http://quickcache.click http://*.quickcache.click http://quickcache.space http://*.quickcache.space http://quickcache.website http://*.quickcache.website http://rapidcdn.click http://*.rapidcdn.click http://speedstream.click http://*.speedstream.click http://speedstream.info http://*.speedstream.info http://speedstream.live http://*.speedstream.live http://speedycdn.fun http://*.speedycdn.fun http://speedycdn.space http://*.speedycdn.space http://streamlined.delivery http://*.streamlined.delivery http://streamlineddata.space http://*.streamlineddata.space http://datadistribute.xyz http://*.datadistribute.xyz http://edgeaccelerator.xyz http://*.edgeaccelerator.xyz http://rapidcdn.xyz http://*.rapidcdn.xyz http://speedycdn.xyz http://*.speedycdn.xyz http://streamlineddata.pro http://*.streamlineddata.pro http://speedcdn.me http://*.speedcdn.me http://cdnflow.xyz http://*.cdnflow.xyz http://cdnboost.xyz http://*.cdnboost.xyz http://tiktokcdn.org http://*.tiktokcdn.org http://fastcdn.club http://*.fastcdn.club http://cdnboost.me http://*.cdnboost.me http://edgecdn.org http://*.edgecdn.org http://speedcdn.pro http://*.speedcdn.pro http://cdnboost.org http://*.cdnboost.org http://cdnbridge.org http://*.cdnbridge.org http://cdnrocket.org http://*.cdnrocket.org http://datafrenzy.org http://*.datafrenzy.org http://cdncloudhost.com http://*.cdncloudhost.com http://cdnflare.org http://*.cdnflare.org http://cdnaccelerate.com http://*.cdnaccelerate.com http://swiftcdn.org http://*.swiftcdn.org http://cdnexpress.org http://*.cdnexpress.org http://cdnstreamer.com http://*.cdnstreamer.com http://cdnflow.net http://*.cdnflow.net http://cdnzone.net http://*.cdnzone.net http://speedserve.org http://*.speedserve.org http://staticrush.com http://*.staticrush.com http://contentnode.net http://*.contentnode.net http://bd-assets.com http://*.bd-assets.com http://fastcache.xyz http://*.fastcache.xyz" }, "declarative_net_request": { "rule_resources": [ { "id": "ruleset_1", "path": "rules.json", "enabled": true } ] } }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
Loading Secure Annex data...
Unable to load Secure Annex data.
This extension may not yet be analyzed by Secure Annex.
Detections
0Critical
0
High
0
Medium
0
Low
0
Has Verdicts
Yes
Manifest Findings
0Critical
0
High
0
Medium
0
Low
0
Secure Annex analyzed version: -