Bookmark Favicon ChangerSecurity Analysis

Extension intercepts network traffic and sends data externally — potential man-in-the-middle behavior.

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

Dynamically sets a script's src attribute to load external code at runtime.

Injects and executes scripts in web pages programmatically.

Listens for keyboard events, a common technique used by keyloggers.

Sends messages via Chrome runtime, could communicate with external services.

Decodes base64 data, commonly used to hide malicious payloads.

Modifies window.location to redirect the user, potentially to phishing or malicious pages.

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

Encodes data to base64, may be used for data exfiltration.