UvoiceSecurity Analysis

Extension intercepts network traffic and sends data externally — potential man-in-the-middle behavior.

Injects and executes scripts in web pages programmatically.

Dynamically sets a script's src attribute to load external code at runtime.

Dynamically creates script elements, potentially loading external malicious code.

Sends messages via Chrome runtime, could communicate with external services.

Dynamically creates iframe elements, which can be used to load external content or hide malicious UI.

Modifies window.location to redirect the user, potentially to phishing or malicious pages.

Line exceeds 5000 characters (entropy: 5.431043485306765)

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

Extension uses tab tracking APIs (onUpdated/query) and communicates with external servers — potential browsing surveillance.

Encodes data to base64, may be used for data exfiltration.

Sets innerHTML directly, which can lead to XSS if used with untrusted data.

String with entropy 6 bits — may be encoded/encrypted data

dist/_next/static/chunks/framework-9b5d6ec4444c80fa.js