电脑管家上网防护
🔍 Security Report Available View on Chrome Web StoreChrome will indicate if you already have this installed.
Overview
过滤网络不良信息,保护您的上网环境
Tags
Privacy Practices
Security Analysis — 电脑管家上网防护
Permissions
Code Patterns Detected
External Connections
Package Contents 14 files · 209KB
What This Extension Does
电脑管家上网防护 (Computer Guardian Online Protection) is a Chrome extension that filters out malicious online content to protect your browsing environment. It's designed for users who want to maintain a safe and secure online experience.
Permissions Explained
- nativeMessagingcheck this: This permission allows the extension to communicate with native applications on your device, which can be useful for certain security features.
Technical: Native messaging enables the extension to interact with system-level APIs, potentially exposing sensitive data and increasing attack surface if compromised. This is a critical risk due to its potential impact on system integrity. ⚠ 1 - tabsexpected: This permission lets the extension access and interact with your open tabs, which can be useful for certain features like tab filtering or blocking.
Technical: The 'tabs' permission grants the extension access to tab metadata (e.g., URL, title), potentially exposing sensitive information if mishandled. This is a medium-risk permission due to its potential impact on user data and browsing experience. - storageexpected: This permission allows the extension to store and retrieve data locally, which can be useful for features like password management or settings storage.
Technical: The 'storage' permission grants the extension access to local storage mechanisms (e.g., Chrome Storage API), potentially exposing sensitive data if mishandled. This is a medium-risk permission due to its potential impact on user data and browsing experience.
Your Data
The extension accesses local storage mechanisms (e.g., Chrome Storage API) and communicates with native applications, potentially exposing sensitive data. It also sends data to the following domains: www.w3.org, sdi.3g.qq.com, guanjia.qq.com, urlsec.qq.com, element-plus.org.
Technical Details
- www.w3.org
- sdi.3g.qq.com
- guanjia.qq.com
- urlsec.qq.com
- element-plus.org
- HTTPS
- cookies
- tokens
Code Findings
This is a common pattern in modern web development, allowing the extension to make HTTP requests to external servers.
Technical: The extension uses the Fetch API ( chrome.runtime.sendMessage() ) to send requests to external domains. This is a legitimate use of the Fetch API for network requests.
💡 1
This allows the extension to communicate with other web pages or extensions, potentially exposing sensitive data if mishandled.
Technical: The extension uses postMessage ( chrome.runtime.sendMessage() ) to send messages to external domains. This can be a risk if not properly sanitized and validated.
💡 1
Based on our analysis, we recommend exercising caution when using this extension due to its critical-risk nativeMessaging permission and medium-risk storage and tabs permissions. While the extension's features are designed to protect your online environment, potential data exposure risks exist if not properly managed.
