Is Geeksend - Email Finder safe?

Findings

Broad Host Permissions

Flags items that declare overly broad host access patterns, enabling interaction with all websites. This level of access can be exploited to inject scripts into trusted sites and increases the risk of sensitive data exposure, cross-site surveillance, and credential harvesting.

medium

Identity & Authentication Permissions

Flags items that request access to user identity or authentication flows. These capabilities may expose session credentials or login behavior, increasing the risk of impersonation, session hijacking, or unauthorized account access.

medium

Low Install Count

Flags items lacking installs on the marketplace, suggesting concerns about the extension's reputation and the publisher's reliability.

low

All findings are available for Enterprise users

Code analysis

AI-powered analysis of the extension's source code for security insights and risk assessment.

Extension Purpose and Intention

The Geeksend - Email Finder extension is designed to help users locate email addresses from various websites efficiently. It offers features like email verification, lead management, and privacy protection, aiming to streamline the process of finding and managing contact information.

Code Analysis

The provided code snippet primarily handles the installation and message handling aspects of the extension. Below is a breakdown of its functionality:

Installation Handling

Function installed(): This function sets a cookie named search_extension_version with the current version of the extension.

chrome.cookies.set({
  name: "search_extension_version",
  url: "https://app.geeksend.com/",
  domain: ".geeksend.com",
  path: "/",
  value: chrome.runtime.getManifest().version,
  expirationDate: new Date/1e3+2592e3,
  secure: !0,
  sameSite: "lax"
}, function(e){});

Purpose: This is likely used to track the version of the extension installed on the user's browser.

Message Handling

Background Message Listener: Listens for messages sent from other parts of the extension.

chrome.runtime.onMessage.addListener(function(e, n, o) {
  console.log("background");
  try {
    if (!e) return !0;
    console.log("background"), o({});
  } catch (e) {
    console.log(e, "1111111");
  }
  return !0;
});

Purpose: This function logs messages to the console and returns a response if a message is received.

External Message Listener: Listens for external messages, specifically checking for a "version" request.

chrome.runtime.onMessageExternal.addListener(function(e, n, o) {
  return e && e.message && "version" == e.message && o({version: chrome.runtime.getManifest().version}), !0;
});

Purpose: Allows external entities to query the extension's version.

Installation Event Listener

On Installed Listener: Triggers the installed() function when the extension is installed.
```
chrome.runtime.onInstalled.addListener(function(e) {
  "install" === e.reason && installed();
});
```
- Purpose: Ensures the installed() function is called upon installation.

Conclusion

Network Activity: The code sets a cookie with the extension version, which is a common practice for version tracking.
API Calls: Utilizes Chrome's runtime and cookies API to manage installation and message handling.
No Malicious Indicators: The code does not exhibit any signs of malicious behavior such as unauthorized data exfiltration, obfuscation, or backdoors.

Malicious Probability

Low: The analyzed code snippet shows no strong indications of malicious activity, focusing primarily on version tracking and message handling.

Permissions

high

api

Permits reading and modifying browser cookies, which can contain sensitive information including login session data and site preferences.

high

tabs

api

Provides access to privileged information about open tabs including URLs, titles, and loading status, beyond basic tab management.

low

https://*/

host

API Calls

API calls detected through static analysis of the source code. For more accurate insights, explore our sandbox dynamic analysis.

high

chrome.cookies.get

chrome

/js/index.js

high

chrome.cookies.set

chrome

/js/background.js

medium

chrome.runtime.getManifest

chrome

/js/background.js

All API calls are available for Enterprise users

Secrets

Any encoded/decoded secrets we managed to find in the source code, git repository, or related files

high

Enterprise Only

medium

Enterprise Only

low

Enterprise Only

SECRETS ARE AVAILABLE FOR ENTERPRISE USERS

Vulnerabilities

Known vulnerabilities and security issues detected in the extension's dependencies and code.

GHSA-jpcq-cgw6-v4j6

Potential XSS vulnerability in jQuery

CVSS:

GHSA-gxr4-xjj5-5px2

Potential XSS vulnerability in jQuery

CVSS:

All vulnerabilities are available for Enterprise users

External communication

Any identifiers we detected that may indicate external communication from the item's code

https://app.geeksend.com/

js/index.js

https://app.geeksend.com/prospects/list/$

js/index.js

https://api.geeksend.com/

js/index.js

All external communications are available for Enterprise users

Dependencies

Dependencies and third-party libraries used by the extension, including version information and license details.

jquery

Version:

3.4.1

All dependencies are available for Enterprise users

Licenses & Compliance

high

Enterprise Only

medium

Enterprise Only

low

Enterprise Only

LICENSES & COMPLIANCE ARE AVAILABLE FOR ENTERPRISE USERS