AppBlock - Block sites & Stay focusedSecurity Analysis

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

Dynamically sets a script's src attribute to load external code at runtime.

Listens for keyboard events, a common technique used by keyloggers.

Dynamically creates script elements, potentially loading external malicious code.

Sends messages via Chrome runtime, could communicate with external services.

Modifies window.location to redirect the user, potentially to phishing or malicious pages.

Makes HTTP requests to external servers, may be used for data exfiltration.

Fetches external URL: https://appblock.mobilesoft.eu/dev/api/security/login/google_access_token

Line exceeds 5000 characters (entropy: 5.306115381163007)

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

Content script matches <all_urls>, executing on every website the user visits.

Extension uses tab tracking APIs (onUpdated/query) and communicates with external servers — potential browsing surveillance.

Sets innerHTML directly, which can lead to XSS if used with untrusted data.

next/static/chunks/75fc9c18-25984afe689afff4.js

next/static/chunks/framework-2c79e2a64abdb08b.js