Removed from Marketplace
Flags items that have been removed or delisted from the marketplace, potentially due to security vulnerabilities, or malicious behavior. Such extensions pose a risk as they are no longer maintained or patched.
high
Findings
Identity & Authentication Permissions
Flags items that request access to user identity or authentication flows. These capabilities may expose session credentials or login behavior, increasing the risk of impersonation, session hijacking, or unauthorized account access.
medium
Performs IP Fingerprinting
Flags items that actively query external services to determine the device’s public IP address. This behavior is commonly used for fingerprinting, geolocation, or network-based targeting, and may indicate intent to track users, deliver conditional payloads, or evade analysis environments.
medium
All findings are available for Enterprise users
Code analysis
AI-powered analysis of the extension's source code for security insights and risk assessment.
high
Enterprise Only
Enterprise Only
Enterprise Only
medium
Enterprise Only
Enterprise Only
Enterprise Only
low
Enterprise Only
Enterprise Only
Enterprise Only
CODE INSIGHTS ARE AVAILABLE FOR ENTERPRISE USERS
Permissions
high
cookies
api
Permits reading and modifying browser cookies, which can contain sensitive information including login session data and site preferences.
medium
storage
api
Enables persistent data storage for the extension, potentially storing large amounts of user-related information.
low
activeTab
api
Grants temporary access to the current tab's data when triggered by user interaction, limiting scope compared to permanent permissions.
API Calls
API calls detected through static analysis of the source code. For more accurate insights, explore our sandbox dynamic analysis.
medium
chrome.windows.update
chrome
/js/ajax_listener.js
medium
chrome.windows.remove
chrome
/js/ajax_listener.js
low
mediaDevices.getUserMedia
chrome
/js/ajax_listener.js
All API calls are available for Enterprise users
Secrets
Any encoded/decoded secrets we managed to find in the source code, git repository, or related files
high
Enterprise Only
Enterprise Only
Enterprise Only
medium
Enterprise Only
Enterprise Only
Enterprise Only
low
Enterprise Only
Enterprise Only
Enterprise Only
SECRETS ARE AVAILABLE FOR ENTERPRISE USERS
Vulnerabilities
Known vulnerabilities and security issues detected in the extension's dependencies and code.
GHSA-5j4c-8p2g-v4jx
ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function
CVSS:
3.7
All vulnerabilities are available for Enterprise users
External communication
Any identifiers we detected that may indicate external communication from the item's code
http://ip-api.com/json/
js/background.js
https://api.bilibili.com/x/player/v2?cid=
js/background.js
https://extensiondock.com/crx/welcome?name=bil
js/background.js
All external communications are available for Enterprise users
Dependencies
Dependencies and third-party libraries used by the extension, including version information and license details.
vue
Version:
2.7.8
All dependencies are available for Enterprise users
Licenses & Compliance
high
Enterprise Only
Enterprise Only
Enterprise Only
medium
Enterprise Only
Enterprise Only
Enterprise Only
low
Enterprise Only
Enterprise Only
Enterprise Only
LICENSES & COMPLIANCE ARE AVAILABLE FOR ENTERPRISE USERS