ExtSafe

Turn Off the LightsSecurity Analysis

Chromev4.6.4MV3February 16, 2026 at 03:36 PM
9.6CRITICAL
9.6 CRITICAL

This extension shows critical risk indicators. It requests highly sensitive permissions combined with suspicious code patterns. Proceed with extreme caution.

Based on 7 permissions including high-risk ones, 106 code findings, 2 dangerous combinations.

Dangerous Combinations(2)

HIGHTab tracking + external communication

Extension tracks open tabs and communicates with external servers — potential browsing surveillance.

tabs+external network request
CRITICALAll-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls>+keylogger_pattern
Permissions
9.5/10
Code
10.0/10
Combinations
10.0/10
Manifest/CSP
8.2/10

Permissions(7 analyzed)

Code Findings(17 patterns, 106 total)

Content Security Policy

CSP Present

Manifest Analysis(5 findings)

Resolved from __MSG_* i18n placeholders:

Name: Turn Off the Lights

Description: The entire page will be fading to dark, so you can watch the videos as if you were in the cinema. Works for YouTube™ and beyond.

MEDIUM
web_accessible_resourcesJS files exposed to web pages

JavaScript files are exposed as web-accessible resources. Matched websites can load and interact with extension scripts.

HIGH
web_accessible_resourcesJS files exposed to web pages

JavaScript files are accessible to ALL websites. Any page can load and interact with these scripts, enabling web→extension attacks.

MEDIUM
web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

MEDIUM
content_scriptsContent script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

MEDIUM
content_scriptsContent script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

External Domains(97)

(0.static.collegehumor.cvcdn.com192.168.1.1a.blip.tva.vimeocdn.comapi.whatsapp.comblip.tvcan.cbs.comcdn.embedly.comcdn.livestream.comcfiles.5min.comchromewebstore.google.comconnect.qq.comcreativecommons.orgdata.iana.orgdeveloper.apple.comdevelopers.google.comembed.break.comembed.itunes.apple.comembed.ted.comembed.tv.apple.comembeds.vice.comemp.bbc.comfbstatic-a.akamaihd.netflash.pcworld.comgithub.comhub.video.msn.comi.nflcdn.comimg.widgets.video.s-msn.comimgcache.qq.comis4.myvideo.dejs.kankan.xunlei.coml.yimg.comlads.myspace.comlive.nicovideo.jpmedia1.break.commetatube.commovie.douban.commovie.mtime.comnl.ign.complayer.cntv.cnplayer.hulu.complayer.ooyala.complayer.rts.chplayer.theplatform.complayer.twitch.tvplayer.video.qiyi.complayer.vimeo.complayer.youku.comrtssatweb.videostreaming.rsrutube.rus-static.ak.facebook.coms.mcstatic.coms1.56img.comsafe.txmblr.comsecure-a.vimeocdn.comservice.weibo.comssl.acfun.tvstatic-cdn1.ustream.tvstatic.ak.crunchyroll.comstatic.ak.facebook.comstatic.ak.fbcdn.netstatic.crunchyroll.comstatic.m1905.comstatic.youku.comstatic1.dmcdn.netstatic1.mtime.cntv.sohu.comtwitch.tvvideo.ted.comvideohosting.sidereel.comvideoplayer.vevo.comvimeo.comvine.covk.comvxml.ifengimg.comweb.microsoftstream.comwww-cdn.jtvnw.netwww-cdn.justin.tvwww.blogger.comwww.ceskatelevize.czwww.chartjs.orgwww.collegehumor.comwww.dailymotion.comwww.example.comwww.facebook.comwww.hulu.comwww.iqiyi.comwww.metacafe.comwww.nytimes.comwww.redditmedia.comwww.stefanvd.netwww.turnoffthelights.comwww.youtube-nocookie.comwww.youtube.comx.comyoutube.com

Indicators of Compromise

58 indicators of compromise found

File Statistics

265
Total Files
18
JS Files
11.3 MB
Total Size

Other Scanned Extensions

Urban VPN Proxy
8.2 CRITICAL
BrowserGPT: ChatGPT Anywhere Powered by GPT 4
8.2 CRITICAL
MyJDownloader Browser Extension
8.4 CRITICAL
__MSG_appName__
8.0 CRITICAL
HARPA AI: Web Automation with ChatGPT, Claude, Gemini, Grok
9.8 CRITICAL
Phantom
9.6 CRITICAL