Microsoft Bing Search Wit

Name: Security Analysis: Microsoft Bing Search Wit
Item: Microsoft Bing Search Wit
Rating: 5
Author: ChromeBoard

🔍 Security Report Available

👥 3M+ users

📦 v2.23

💾 1.3MiB

📅 2025-11-09

View on Chrome Web Store

Chrome will indicate if you already have this installed.

Overview

• See your point balance and status any time
• Get easy access to your rewards and redemption pages
• Quickly complete daily offers to earn points
• Track how many points you earn each day
• See how many points you need to redeem your goal reward
• See how many points you need to maintain Level 2 status this month (Level 2 members only)

About Microsoft Rewards

It’s the easiest way to get rewarded for doing what you already do. Just search with Bing, browse with Microsoft Edge, and shop at the Microsoft and Windows stores to earn free rewards. Just sign in to Microsoft Rewards or join today (https://www.bing.com/explore/rewards).

Here’s what you get

Movies, music, games, apps, and more. Just redeem the points for the content you want, or use points towards the purchase of an Xbox One and other great devices. No other program gives you benefits for doing the stuff you love with Microsoft products and devices.

Privacy Practices

✓ Not being sold to third parties, outside of the approved use cases

✓ Not being used or transferred for purposes that are unrelated to the item's core functionality

✓ Not being used or transferred to determine creditworthiness or for lending purposes

v2.23 Info Scanned Mar 5, 2026

Security Analysis — Microsoft Bing Search Wit

Analyzed v2.23 · Mar 5, 2026 · 13 JS files · 153 KB scanned

Permissions

Code Patterns Detected

External Connections

www.bing.com go.microsoft.com browserdefaults.microsoft.com services.bingapis.com browserdefaults.chinacloudsites.cn msasg.visualstudio.com dc.services.visualstudio.com

Package Contents 131 files · 1.5MB

▾📁Welcomepage1.3MB

▾📁assets1.2MB

▾📁images1.2MB

▾📁banner1.1MB

🖼BingBanner.png1.1MB

▾📁logo43KB

🖼Microsoft_favicon.ico17KB

🖼bing-logo-white.png26KB

▾📁json12KB

▾📁Common10KB

▾📁am-et

{}messages.json189B

▾📁ar-sa

{}messages.json177B

▾📁bg-bg

{}messages.json250B

▾📁bn-in

{}messages.json350B

▾📁ca-es

{}messages.json164B

▾📁cs-cz

{}messages.json170B

▾📁da-dk

{}messages.json147B

▾📁de-de

{}messages.json162B

▾📁el-gr

{}messages.json247B

▾📁en-gb

{}messages.json142B

▾📁en-us

{}messages.json142B

▾📁es-419

{}messages.json183B

▾📁es-es

{}messages.json163B

▾📁et-ee

{}messages.json155B

▾📁fa-ir

{}messages.json260B

▾📁fi-fi

{}messages.json152B

▾📁fil-ph

{}messages.json156B

▾📁fr-fr

{}messages.json185B

▾📁gu-in

{}messages.json311B

▾📁he-il

{}messages.json168B

▾📁hi-in

{}messages.json299B

▾📁hr-hr

{}messages.json152B

▾📁hu-hu

{}messages.json157B

▾📁id-id

{}messages.json158B

▾📁it-it

{}messages.json164B

▾📁ja-jp

{}messages.json214B

▾📁kn-in

{}messages.json312B

▾📁ko-kr

{}messages.json180B

▾📁lt-lt

{}messages.json154B

▾📁lv-lv

{}messages.json167B

▾📁ml-in

{}messages.json362B

▾📁mr-in

{}messages.json310B

▾📁ms-my

{}messages.json168B

▾📁nb-no

{}messages.json156B

▾📁nl-nl

{}messages.json157B

▾📁pl-pl

{}messages.json162B

▾📁pt-br

{}messages.json166B

▾📁pt-pt

{}messages.json168B

▾📁ro-ro

{}messages.json162B

▾📁ru-ru

{}messages.json238B

▾📁sk-sk

{}messages.json161B

▾📁sl-si

{}messages.json157B

▾📁sr-cyrl

{}messages.json220B

▾📁sv-se

{}messages.json157B

▾📁ta-in

{}messages.json372B

▾📁te-in

{}messages.json345B

▾📁th-th

{}messages.json317B

▾📁tr-tr

{}messages.json176B

▾📁uk-ua

{}messages.json212B

▾📁vi-vn

{}messages.json209B

▾📁zh-cn

{}messages.json119B

▾📁zh-tw

{}messages.json139B

▾📁ExtnName2KB

▾📁1062KB

{}messages.json2KB

▾📁css3KB

🎨style.css3KB

▾📁scripts93KB

{}extnDetails.json250B

📜jquery.min.js86KBlarge

📜json.js6KB

🌐index.html1KB

▾📁_locales86KB

▾📁am2KB

{}messages.json2KB

▾📁ar2KB

{}messages.json2KB

▾📁bg2KB

{}messages.json2KB

▾📁bn2KB

{}messages.json2KB

▾📁ca2KB

{}messages.json2KB

▾📁cs2KB

{}messages.json2KB

▾📁da2KB

{}messages.json2KB

▾📁de2KB

{}messages.json2KB

▾📁el2KB

{}messages.json2KB

▾📁en2KB

{}messages.json2KB

▾📁en_GB2KB

{}messages.json2KB

▾📁en_US2KB

{}messages.json2KB

▾📁es2KB

{}messages.json2KB

▾📁es_4192KB

{}messages.json2KB

▾📁et2KB

{}messages.json2KB

▾📁fa2KB

{}messages.json2KB

▾📁fi2KB

{}messages.json2KB

▾📁fil2KB

{}messages.json2KB

▾📁fr2KB

{}messages.json2KB

▾📁he2KB

{}messages.json2KB

▾📁hi2KB

{}messages.json2KB

▾📁hr2KB

{}messages.json2KB

▾📁hu2KB

{}messages.json2KB

▾📁id2KB

{}messages.json2KB

▾📁it2KB

{}messages.json2KB

▾📁ja2KB

{}messages.json2KB

▾📁ko2KB

{}messages.json2KB

▾📁lt2KB

{}messages.json2KB

▾📁lv2KB

{}messages.json2KB

▾📁ms2KB

{}messages.json2KB

▾📁nb2KB

{}messages.json2KB

▾📁nl2KB

{}messages.json2KB

▾📁no2KB

{}messages.json2KB

▾📁pl2KB

{}messages.json2KB

▾📁pt_BR2KB

{}messages.json2KB

▾📁pt_PT2KB

{}messages.json2KB

▾📁ro2KB

{}messages.json2KB

▾📁sk2KB

{}messages.json2KB

▾📁sl2KB

{}messages.json2KB

▾📁sr2KB

{}messages.json2KB

▾📁sv2KB

{}messages.json2KB

▾📁th2KB

{}messages.json2KB

▾📁tr2KB

{}messages.json2KB

▾📁uk2KB

{}messages.json2KB

▾📁vi2KB

{}messages.json2KB

▾📁zh_CN2KB

{}messages.json2KB

▾📁zh_TW2KB

{}messages.json2KB

▾📁_metadata19KB

{}verified_contents.json19KB

▾📁images32KB

🖼128x128.png9KB

🖼16x16.png715B

🖼32x32.png2KB

🖼48x48.png2KB

🖼bgextn.png120B

🖼rewards_icon.png224B

🖼rewards_offline.png19KB

📜background.js2KB

📜extensionTracking.js2KB

📜firstSearchNotificationBackground.js3KB

📜firstSearchNotificationContent.js3KB

📜global.js621B

{}manifest.json2KB

📜notifications.js15KB

🎨offline_popup.css2KB

🌐offline_popup.html2KB

📜offline_popup.js3KB

📜ping.js22KB

🎨rewardAction.css625B

📜rewardAction.js1KB

📜rootServiceWorker.js209B

📜telemetry.js8KB

What This Extension Does

The Microsoft Bing Search Wit extension helps users earn rewards by searching with Bing, browsing with Microsoft Edge, and shopping at Microsoft stores. It provides features to track points, redeem rewards, and maintain Level 2 status. This extension is suitable for users who want to utilize their Microsoft Rewards program effectively.

Permissions Explained

cookiesexpected: This permission allows the extension to access cookies stored on your device.
Technical: The extension can read and modify browser cookies, which could be used for tracking or session hijacking if compromised. This is a HIGH-risk permission due to its potential impact on user data security.
managementexpected: This permission enables the extension to manage browser settings and extensions.
Technical: The extension can modify browser settings, install/uninstall other extensions, and access browser data. This is a MEDIUM-risk permission due to its potential impact on user control over their browser environment.
notificationsexpected: This permission allows the extension to display notifications to the user.
Technical: The extension can show notifications, which could be used for phishing or social engineering attacks if compromised. This is a MEDIUM-risk permission due to its potential impact on user experience and security awareness.
storageexpected: This permission enables the extension to store data locally on your device.
Technical: The extension can read/write local storage, which could be used for storing sensitive user data if compromised. This is a MEDIUM-risk permission due to its potential impact on user data security.
scriptingexpected: This permission allows the extension to execute scripts in the browser context.
Technical: The extension can inject scripts into web pages, which could be used for malicious activities like XSS attacks if compromised. This is a MEDIUM-risk permission due to its potential impact on user security and data integrity.
declarativeNetRequestexpected: This permission enables the extension to block or modify network requests.
Technical: The extension can intercept and modify HTTP requests, which could be used for malicious activities like data tampering or man-in-the-middle attacks if compromised. This is a HIGH-risk permission due to its potential impact on user security and data integrity.
http://*/*check this: This permission allows the extension to access all HTTP requests.
Technical: The extension can intercept and modify all HTTP requests, which could be used for malicious activities like data tampering or man-in-the-middle attacks if compromised. This is a CRITICAL-risk permission due to its potential impact on user security and data integrity. ⚠ 1
https://*/*check this: This permission enables the extension to access all HTTPS requests.
Technical: The extension can intercept and modify all HTTPS requests, which could be used for malicious activities like data tampering or man-in-the-middle attacks if compromised. This is a CRITICAL-risk permission due to its potential impact on user security and data integrity. ⚠ 1

Your Data

The extension accesses cookies stored on your device, sends data to various Microsoft domains (e.g., www.bing.com, go.microsoft.com), and can potentially access sensitive user data if compromised.

Technical Details

The extension contacts the following domains: www.bing.com, go.microsoft.com, browserdefaults.microsoft.com, services.bingapis.com, browserdefaults.chinacloudsites.cn, msasg.visualstudio.com, dc.services.visualstudio.com. It uses HTTP and HTTPS protocols for communication.

Code Findings

innerHTML assignment — potential XSS vectorMedium

This code pattern could potentially lead to cross-site scripting (XSS) attacks if an attacker injects malicious HTML into the extension's context.

Technical: The extension uses innerHTML assignment in its content script, which could be exploited by an attacker to inject malicious HTML. This is a medium-risk finding due to its potential impact on user security and data integrity.

💡 This pattern is commonly used for dynamic content injection in legitimate extensions.

String.fromCharCode (obfuscation)Medium

The extension uses String.fromCharCode to obfuscate its code, making it harder to analyze and understand.

Technical: The extension uses String.fromCharCode to encode its code, which could be used for malicious activities like hiding malware or spyware. This is a medium-risk finding due to its potential impact on user security and data integrity.

💡 This pattern is commonly used in legitimate extensions for code obfuscation and compression.

Creates script elements dynamicallyHigh

The extension creates script elements dynamically, which could potentially lead to malicious activities like XSS attacks or code injection.

Technical: The extension uses document.createElement('script') to create script elements dynamically, which could be exploited by an attacker to inject malicious scripts. This is a high-risk finding due to its potential impact on user security and data integrity.

💡 This pattern is commonly used in legitimate extensions for dynamic content injection or code loading.

Bottom Line

The Microsoft Bing Search Wit extension has some concerning permissions (http://*/*, https://*/*) and code patterns (innerHTML assignment, String.fromCharCode obfuscation, creates script elements dynamically). While it provides useful features for users, its potential security risks should be carefully evaluated before installation. Users are advised to exercise caution when installing this extension.