ExtSafe

Avira Password ManagerSecurity Analysis

Chromev2.21.0.5015MV3February 16, 2026 at 03:01 PM
9.4CRITICAL
9.4 CRITICAL

This extension shows critical risk indicators. It requests highly sensitive permissions combined with suspicious code patterns. Proceed with extreme caution.

Based on 16 permissions including high-risk ones, 222 code findings, 5 dangerous combinations.

Dangerous Combinations(5)

CRITICALCookie access + external network

Extension has cookie access and sends data to external servers — potential session token theft.

cookies+external network request
HIGHTab tracking + external communication

Extension tracks open tabs and communicates with external servers — potential browsing surveillance.

tabs+external network request
CRITICALNetwork interception + external communication

Extension intercepts network traffic and sends data externally — potential man-in-the-middle behavior.

webRequest/webRequestBlocking+external network request
CRITICALNative messaging + dynamic code execution

Extension communicates with native apps and executes dynamic code — potential sandbox escape vector.

nativeMessaging+eval/Function/dynamic code
CRITICALAll-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls>+keylogger_pattern
Permissions
10.0/10
Code
10.0/10
Combinations
10.0/10
Manifest/CSP
3.9/10

Permissions(16 analyzed)

Code Findings(25 patterns, 222 total)

Libraries(16 detected)

16 libraries detected

Content Security Policy

CSP Present(1 issue)
LOW
object-srcobject-src not restricted

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Manifest Analysis(2 findings)

Resolved from __MSG_* i18n placeholders:

Description: Avira Password Manager saves, manages, and syncs all your passwords across all your devices.

MEDIUM
web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

LOW
externally_connectableExternal messaging enabled

Extension accepts messages from 1 external pattern(s). Verify these are trusted origins.

External Domains(51)

17opm4zg7e.execute-api.eu-west-1.amazonaws.com5w2zr57dczhtnkauhyvfbcipxm.appsync-api.eu-west-1.amazonaws.comaaddons.mozilla.orgapi.my.avira.comautoscaling.amazonaws.comavira-password-manager.firebaseio.combblueimp.netcloudformation.amazonaws.comcloudfront.amazonaws.comextensions.avira.comfb.mefirebaseinstallations.googleapis.comformatjs.iogit.iogithub.comhandlebarsjs.comidentitysafe.norton.comjquery.comjquery.orgjs.foundationlodash.commarionettejs.commicrosoftedge.microsoft.comncs-ds.avira.comncs-spoc-np-6568f.firebaseio.comncs-spoc.firebaseio.comopensource.orgpajhome.org.ukreactjs.orgredux.js.orgrs.avira.comrv22n44kt5dpxeytw7c3bqmtla.appsync-api.eu-central-1.amazonaws.coms3.eu-central-1.amazonaws.comsafari-extensions.apple.comsentry.avira.netsizzlejs.comspoc.avira.comspocnotify.avira.comtamh9wgwol.execute-api.eu-central-1.amazonaws.comunderscorejs.orgvvw4btjrqe.execute-api.eu-central-1.amazonaws.comwww-cs-students.stanford.eduwww.apache.orgwww.google-analytics.comwww.opensource.orgwww.research.netxxn--e1aybcz579c.app.goo.gl

Indicators of Compromise

370 indicators of compromise found

File Statistics

169
Total Files
14
JS Files
29.3 MB
Total Size

Other Scanned Extensions

Urban VPN Proxy
8.2 CRITICAL
BrowserGPT: ChatGPT Anywhere Powered by GPT 4
8.2 CRITICAL
MyJDownloader Browser Extension
8.4 CRITICAL
__MSG_appName__
8.0 CRITICAL
HARPA AI: Web Automation with ChatGPT, Claude, Gemini, Grok
9.8 CRITICAL
Phantom
9.6 CRITICAL