loading...
Cover image for Reviewing Google Chrome Extensions Using Crxcavator

Reviewing Google Chrome Extensions Using Crxcavator

ahmedmusaad profile image Ahmed Musaad Originally published at ahmedmusaad.com on ・1 min read

Crxcavator is a project from DUO Security that helps users review the security of Chrome extensions before installing them on their browser.

Crxcavator automatically scans the entire Chrome Web Store every 3 hours and produces a quantified risk score for each Chrome Extension based on several factors. These factors include permissions, inclusion of vulnerable third party javascript libraries, weak content security policies, missing details from the Chrome Web Store description, and more. Organizations can use this tool to assess the Chrome Extensions they have installed and to move towards implementing explicit allow (whitelisting) for their organization.

Testing Google Chrome Extensions Using Crxcavator

To analyze an extension, search for it using its name or its id. If you don’t know the extension id, you can find it in the extension URL, the highlighted part is the id:

chrome.google.com/webstore/detail/session-buddy/ edacconmaakjimmfgnblocblbcdcpbko

Testing Google Chrome Extensions Using Crxcavator

For more information and full documentation, visit the project website: https://crxcavator.io/

Posted on May 19 by:

ahmedmusaad profile

Ahmed Musaad

@ahmedmusaad

I am a security engineer, a programmer, and a hobbyist system administrator.

Discussion

markdown guide