ScenerSecurity Analysis

Extension has cookie access and sends data to external servers — potential session token theft.

Creates functions from strings, similar to eval(), often used to hide malicious code.

Accesses browser cookies programmatically, could be used to steal session tokens.

Injects and executes scripts in web pages programmatically.

Dynamically creates script elements, potentially loading external malicious code.

Dynamically sets a script's src attribute to load external code at runtime.

Creates a function from a string (new Function()), similar to eval().

JavaScript files are accessible to ALL websites. Any page can load and interact with these scripts, enabling web→extension attacks.

Extension tracks open tabs and communicates with external servers — potential browsing surveillance.

Sends messages via Chrome runtime, could communicate with external services.

Modifies window.location to redirect the user, potentially to phishing or malicious pages.

Uses document.write() which can inject arbitrary HTML/scripts into pages.

Decodes base64 data, commonly used to hide malicious payloads.

Dynamically creates iframe elements, which can be used to load external content or hide malicious UI.

Line exceeds 5000 characters (entropy: 5.300162437325941)

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

Encodes data to base64, may be used for data exfiltration.

Sets innerHTML directly, which can lead to XSS if used with untrusted data.

String with entropy 6.02 bits — may be encoded/encrypted data

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Extension accepts messages from 24 external pattern(s). Verify these are trusted origins.