FetchV - Video Downloader for m3u8 & hlsSecurity Analysis

Extension intercepts network traffic and sends data externally — potential man-in-the-middle behavior.

Dynamically sets a script's src attribute to load external code at runtime.

Dynamically creates script elements, potentially loading external malicious code.

Injects and executes scripts in web pages programmatically.

JavaScript files are accessible to ALL websites. Any page can load and interact with these scripts, enabling web→extension attacks.

Content script runs at document_start in ALL frames on ALL URLs. This gives the extension deep access to every page load, including iframes.

Sends messages via Chrome runtime, could communicate with external services.

Decodes base64 data, commonly used to hide malicious payloads.

Uses XMLHttpRequest to make network calls.

Line exceeds 5000 characters (entropy: 5.200789378381046)

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

Extension uses tab tracking APIs (onUpdated/query) and communicates with external servers — potential browsing surveillance.

Sets innerHTML directly, which can lead to XSS if used with untrusted data.

Encodes data to base64, may be used for data exfiltration.

Reads or writes to localStorage, which may contain sensitive site data.

Creates a Web Worker, which runs code in a separate thread — can be used for background computation or crypto mining.

bootstrap/js/bootstrap.bundle.min.js