Adblock for Youtube™Security Analysis

Extension intercepts network traffic and sends data externally — potential man-in-the-middle behavior.

Uses eval() to execute dynamic code, a common technique for obfuscation and code injection.

Creates functions from strings, similar to eval(), often used to hide malicious code.

Dynamically creates script elements, potentially loading external malicious code.

Injects and executes scripts in web pages programmatically.

Uses data URIs to execute code, bypassing content security policies.

Extension tracks open tabs and communicates with external servers — potential browsing surveillance.

Decodes base64 data, commonly used to hide malicious payloads.

Dynamically creates iframe elements, which can be used to load external content or hide malicious UI.

Modifies window.location to redirect the user, potentially to phishing or malicious pages.

Sends messages via Chrome runtime, could communicate with external services.

Line exceeds 5000 characters (entropy: 5.378308390100149)

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Sets innerHTML directly, which can lead to XSS if used with untrusted data.

Encodes data to base64, may be used for data exfiltration.

Reads or writes to localStorage, which may contain sensitive site data.

String with entropy 5.95 bits — may be encoded/encrypted data

background.js