AHA Music - Song Finder for BrowserSecurity Analysis

Chromev2.0.5MV3March 15, 2026 at 01:12 PM

Use with caution

This extension requests significant permissions. It has 1M+ users, a 4.0 star rating, but review the findings below.

5.2MEDIUM

5.2 MEDIUMRaw: 6.5

This extension shows some risk signals that are common in legitimate extensions but worth reviewing. Check the details below.

Based on 7 permissions including high-risk ones, 21 code findings.

Trust Signals(5.3/10)

Users

1.0M

Rating

4.0(4K reviews)

Status

Featured

Permissions

9.0/10

Code

8.5/10

Combinations

0.0/10

Manifest/CSP

5.3/10

Permissions(7 analyzed)

Code Findings(11 patterns, 21 total)

Libraries(3 detected)

3 libraries detected

Content Security Policy

CSP Present(2 issues)

CRITICAL

script-srcunsafe-eval allowed

The 'unsafe-eval' source allows eval(), new Function(), and similar dynamic code execution — a major code injection risk.

LOW

object-srcobject-src not restricted

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Manifest Analysis(1 finding)

Resolved from __MSG_* i18n placeholders:

Name: AHA Music - Song Finder for Browser

Description: What is the song? Song identifier tells you!

MEDIUM

content_scriptsContent script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

External Domains(10)

extension.doreso.comgithub.comjquery.comjquery.orgjs.foundationmomentjs.comsizzlejs.comwww.acrcloud.comwww.aha-music.comwww.buymeacoffee.com

Indicators of Compromise

10 indicators of compromise found

File Statistics

37

Total Files

4

JS Files

491.3 KB

Total Size

Other Scanned Extensions

Obsidian Web Clipper

Save Image As...

Image downloader - Imageye

uBlock Origin Lite