Starting analysis...
Proxy manager and switcher
Version 1.0.4 View in Chrome Web Store
Last scanned: 8 days ago
| force re-scan
Extension Details
Developer:
proxy-ipv4.com
Rating:
5.0 ★
(3 ratings)
Users:
523
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
CRITICAL
Overall Risk
Trust Factors:
The extension has very limited trust indicators with only 523 users and just 3 ratings, making it difficult to assess community validation. The developer "proxy-ipv4.com" appears to be associated with a proxy service, which aligns with the extension's purpose but raises questions about data handling practices. The lack of detailed developer information and recent update history further reduces trustworthiness.
Concerns:
The extension's permission set is extremely powerful and concerning for a proxy manager. The combination of webRequest, proxy, webNavigation, and broad host permissions creates a perfect storm for privacy violations and security breaches. The ability to inject content scripts into all websites while intercepting and modifying web requests means this extension could potentially capture login credentials, banking information, and other sensitive data. The declarativeNetRequest permissions add another layer of network control that could be misused for malicious redirects or data exfiltration.
Recommendations:
Given the critical risk level, avoid installing this extension unless absolutely necessary. If you must use it, run it in a completely isolated Chrome profile with no access to personal accounts or sensitive websites. Consider using established proxy solutions with better security track records and transparent privacy policies. Monitor network traffic when the extension is active and regularly audit what data might be accessible to the extension.
Findings
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
Broad Content Script Injection
This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.
HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
HIGH
High-Risk Permission: proxy
This extension has the proxy permission. Can control proxy settings. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: webNavigation
This extension has the webNavigation permission. Can track your web navigation. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: webRequest
This extension has the webRequest permission. Can intercept and modify web requests. This could potentially be used maliciously to compromise security or privacy.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
Security Analysis Details
Required Permissions:
- webRequest
- webRequestAuthProvider
- proxy
- declarativeNetRequest
- declarativeNetRequestFeedback
- storage
- scripting
- webNavigation
Host Permissions:
- http://*/*
- https://*/*
Content Security Policy:
- extension_pages: script-src 'self'; object-src 'self';
Embedded URLs (102 total):
| http://www.w3.org/2000/svg | http://www.w3.org/1999/xlink | |
| http://ip-api.com/json | https://clients2.google.com/service/update2/crx | |
| https://reactjs.org/docs/error-decoder.html?invariant= | http://www.w3.org/XML/1998/namespace | |
| http://www.w3.org/1998/Math/MathML | http://www.w3.org/1999/xhtml | |
| https://faisalman.github.io/ua-parser-js | https://github.com/faisalman/ua-parser-js | |
| https://github.com/remix-run/history/tree/main/docs/api-reference.md#browserhistory | https://github.com/remix-run/history/tree/main/docs/api-reference.md#createbrowserhistory | |
| https://github.com/remix-run/history/tree/main/docs/api-reference.md#hashhistory | https://github.com/remix-run/history/tree/main/docs/api-reference.md#createhashhistory | |
| https://html.spec.whatwg.org/multipage/nav-history-apis.html#shared-history-push/replace-state-steps | https://html.spec.whatwg.org/multipage/structured-data.html#structuredserializeinternal | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=878297 | https://github.com/facebook/regenerator/blob/main/LICENSE | |
| https://github.com/sindresorhus/type-fest | https://reactrouter.com/utils/match-routes | |
| https://reactrouter.com/utils/generate-path | https://reactrouter.com/utils/match-path | |
| https://reactrouter.com/utils/resolve-path | https://mermaid.live/edit#pako:eNqVkc9OwzAMxl8l8nnjAYrEtDIOHEBIgwvKJTReGy3_lDpIqO27k6awMG0XcrLlnz87nwdonESogKXXBuE79rq75XZO3-yHds0RJVuv70YrPlUrCEe2HfrORS3rubqZfuhtpg5C9wk5tZ4VKcRUq88q9Z8RS0-48cE1iHJkL0ugbHuFLus9L6spZy8nX9MP2CNdomVaposqu3fGayT8T8-jJQwhepo_UtpgBQaDEUom04dZhAN1aJBDlUKJBxE1ceB2Smj0Mln-IBW5AFU2dwUiktt_2Qaq2dBfaKdEup85UV7Yd-dKjlnkabl2Pvr0DTkTreM | |
| https://github.com/remix-run/remix/issues/927 | https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#plain-text-form-data | |
| https://httpwg.org/specs/rfc9110.html#field.content-type | https://fetch.spec.whatwg.org/#concept-method | |
| https://fetch.spec.whatwg.org/#dom-request | https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#converting-an-entry-list-to-a-list-of-name-value-pairs | |
| https://reactrouter.com/hooks/use-href | https://reactrouter.com/hooks/use-in-router-context | |
| https://reactrouter.com/hooks/use-location | https://reactrouter.com/hooks/use-navigation-type | |
| https://reactrouter.com/hooks/use-match | https://github.com/facebook/react/pull/26395 | |
| https://reactrouter.com/hooks/use-navigate | https://reactrouter.com/hooks/use-outlet-context | |
| https://reactrouter.com/hooks/use-outlet | https://reactrouter.com/hooks/use-params | |
| https://reactrouter.com/hooks/use-resolved-path | https://reactrouter.com/hooks/use-routes | |
| https://reactrouter.com/routers/picking-a-router. | https://github.com/remix-run/react-router/issues/10579 | |
| https://reactrouter.com/router-components/memory-router | https://reactrouter.com/components/navigate | |
| https://reactrouter.com/components/outlet | https://reactrouter.com/components/route | |
| https://reactrouter.com/router-components/router | https://reactrouter.com/components/routes | |
| https://reactrouter.com/utils/create-routes-from-children | https://bugzilla.mozilla.org/show_bug.cgi?id=1414602 | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1023984 | https://github.com/ungap/url-search-params | |
| https://polyfill.io/v3/ | https://redux.js.org/usage/deriving-data-selectors#optimizing-selectors-with-memoization | |
| http://www.google.com | https://nodejs.org/api/http.html#http_message_headers | |
| http://url.spec.whatwg.org/#urlutils | https://proxy-ipv4.com | |
| https://bit.ly/3cXEKWf | https://github.com/facebook/hermes/issues/274 | |
| https://github.com/facebook/fbjs/blob/c69904a511b900266935168223063dd8772dfc40/packages/fbjs/src/core/shallowEqual.js | https://github.com/facebook/react/blob/master/packages/shared/formatProdErrorMessage.js | |
| https://redux.js.org/Errors?code= | https://github.com/jonschlinkert/kind-of | |
| https://redux.js.org/introduction/why-rtk-is-redux-today | https://redux.js.org/tutorials/fundamentals/part-4-store#creating-a-store-with-enhancers | |
| https://redux.js.org/api/store#subscribelistener | https://redux.js.org/tutorials/fundamentals/part-4-store#middleware | |
| https://redux.js.org/tutorials/fundamentals/part-6-async-logic#using-the-redux-thunk-middleware | https://github.com/tc39/proposal-observable | |
| https://redux.js.org/tutorials/fundamentals/part-4-store#writing-custom-middleware | https://github.com/kolodny/jsan | |
| https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Global_Objects/JSON/stringify#The_replacer_parameter | https://github.com/zalmoxisus/remotedev-serialize/blob/master/helpers/index.js#L4 | |
| https://cloud.githubusercontent.com/assets/7957859/21814330/a17d556a-d761-11e6-85ef-159dd12f36c5.png | https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Global_Objects/JSON/parse#Using_the_reviver_parameter | |
| https://github.com/zalmoxisus/remotedev-serialize/blob/master/immutable/serialize.js#L8-L41 | https://github.com/zalmoxisus/remotedev-serialize |
Page 1 of 2
Raw Manifest
{ "name": "Proxy manager and switcher", "icons": { "16": "assets/favicons/favicon-16x16-light.png", "48": "assets/favicons/favicon-48x48-light.png", "128": "assets/favicons/android-chrome-192x192-light.png", "256": "assets/favicons/android-chrome-512x512-light.png", "512": "assets/favicons/android-chrome-512x512-light.png" }, "action": { "default_popup": "index.html", "default_title": "Proxy Ipv4" }, "version": "1.0.4", "background": { "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "The addon is designed to manage IP addresses purchased on the Proxy-IPv4 service.", "permissions": [ "webRequest", "webRequestAuthProvider", "proxy", "declarativeNetRequest", "declarativeNetRequestFeedback", "storage", "scripting", "webNavigation" ], "content_scripts": [ { "js": [ "data/inject/isolated.js" ], "world": "ISOLATED", "run_at": "document_start", "matches": [ "*://*/*" ], "all_frames": true, "exclude_matches": [ "*://www.google.com/recaptcha/*", "*://challenges.cloudflare.com/*", "*://hcaptcha.com/*" ], "match_about_blank": true }, { "js": [ "data/inject/main.js" ], "world": "MAIN", "run_at": "document_start", "matches": [ "*://*/*" ], "all_frames": true, "exclude_matches": [ "*://www.google.com/recaptcha/*", "*://challenges.cloudflare.com/*", "*://hcaptcha.com/*" ], "match_about_blank": true } ], "host_permissions": [ "http://*/*", "https://*/*" ], "manifest_version": 3, "content_security_policy": { "extension_pages": "script-src 'self'; object-src 'self';" }, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "build/*" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
Loading Secure Annex data...
Unable to load Secure Annex data.
This extension may not yet be analyzed by Secure Annex.
Detections
0Critical
0
High
0
Medium
0
Low
0
Has Verdicts
Yes
Manifest Findings
0Critical
0
High
0
Medium
0
Low
0
Secure Annex analyzed version: -