Rogold Level Up Roblox
🔍 Security Report Available View on Chrome Web StoreChrome will indicate if you already have this installed.
Overview
RoGold adds many features to improve your Roblox experience. With over 40 different features, there is something for both developers and players!
Join our Discord for news, support, and a welcoming community at https://discord.gg/rogold
You can also visit our website at https://rogold.live/
Some of our features:
- Keep track of games you love by pinning them with the Pinned Games feature.
- Join a small or empty server in a flash without tediously finding them with the Small Server feature.
- Prioritise your best friends and see them on your Roblox home page with the Best Friends feature.
- See Roblox game stats update in realtime with the Live Game Stats feature.
- Get more detailed group stats with the Group Stats feature.
- Get greeted when you visit the Roblox home page, just like the old days!
- Bulk Unfriend. Do you have a lot of Roblox friends? Now you can easily remove some.
- Improve the look of your Roblox experience, with our Theme Creator system.
- Are you a Roblox developer? With RoGold you are easily able to copy item, group and game ids.
- View banned Roblox accounts with our Banned Users feature.
And much much more!
You can use this extension with others like RoPro, BTRoblox, Roblox+, etc. Full support for these is not guaranteed.
Tags
Privacy Practices
Security Analysis — Rogold Level Up Roblox
Permissions
Code Patterns Detected
External Connections
Package Contents 53 files · 2MB
What This Extension Does
Rogold Level Up Roblox is a Chrome extension that enhances your Roblox experience with over 40 features, including game tracking, friend management, and theme customization. It's designed for both developers and players to improve their Roblox experience. With 700,000 users, it's one of the most popular extensions in its category.
Permissions Explained
- storageexpected: This permission allows the extension to store data locally on your device.
Technical: The extension can access and modify local storage using the chrome.storage API, which could potentially be used for malicious purposes if compromised. However, this is a common permission for extensions that need to persist user settings or cache data. - contextMenusexpected: This permission allows the extension to create custom context menu items in your browser.
Technical: The extension can use the chrome.contextMenus API to inject custom menu items, which could potentially be used for phishing or other malicious purposes if compromised. However, this is a common permission for extensions that need to provide additional functionality through menus. - clipboardWriteexpected: This permission allows the extension to write data to your clipboard.
Technical: The extension can use the chrome.clipboard API to write data to your clipboard, which could potentially be used for malicious purposes if compromised. However, this is a common permission for extensions that need to copy or paste data. - notificationsexpected: This permission allows the extension to display notifications in your browser.
Technical: The extension can use the chrome.notifications API to display notifications, which could potentially be used for phishing or other malicious purposes if compromised. However, this is a common permission for extensions that need to alert users to important events. - *://*.roblox.com/*check this: This permission allows the extension to access Roblox's website and services.
Technical: The extension can make requests to any URL on roblox.com, which could potentially be used for malicious purposes if compromised. This is a high-risk permission due to the potential for data exposure or unauthorized actions. ⚠ 1 - *://*.rbxcdn.com/*check this: This permission allows the extension to access Roblox's content delivery network (CDN).
Technical: The extension can make requests to any URL on rbxcdn.com, which could potentially be used for malicious purposes if compromised. This is a high-risk permission due to the potential for data exposure or unauthorized actions. ⚠ 1
Your Data
The extension accesses and sends user data to various Roblox services, including game tracking information, friend lists, and theme customization settings. It also stores local data on your device using the chrome.storage API.
Technical Details
Code Findings
The extension uses innerHTML assignments, which could potentially be used for cross-site scripting (XSS) attacks if compromised.
Technical: The extension uses the following code pattern: element.innerHTML = data;. This is a common pattern in legitimate extensions, but it can also be used by attackers to inject malicious scripts into web pages.
💡 This pattern is commonly used in legitimate extensions for rendering dynamic content or injecting custom HTML elements.
The extension uses String.fromCharCode to obfuscate code, which could potentially be used for malicious purposes if compromised.
Technical: The extension uses the following code pattern: String.fromCharCode(104, 101, 108, 108, 111);. This is a common technique used in legitimate extensions for encoding or decoding data, but it can also be used by attackers to hide malicious code.
💡 This technique is commonly used in legitimate extensions for encoding or decoding data, such as encryption keys or API tokens.
The extension uses the Fetch API to make requests to Roblox services.
Technical: The extension uses the following code pattern: fetch(url, options);. This is a common pattern in legitimate extensions for making HTTP requests.
💡 This pattern is commonly used in legitimate extensions for making HTTP requests or fetching data from APIs.
The extension creates custom context menu items using the chrome.contextMenus API.
Technical: The extension uses the following code pattern: chrome.contextMenus.create(options);. This is a common pattern in legitimate extensions for providing additional functionality through menus.
💡 This pattern is commonly used in legitimate extensions for providing additional functionality through menus or injecting custom menu items.
The extension displays notifications using the chrome.notifications API.
Technical: The extension uses the following code pattern: chrome.notifications.create(options);. This is a common pattern in legitimate extensions for alerting users to important events or providing feedback.
💡 This pattern is commonly used in legitimate extensions for alerting users to important events or providing feedback.
The extension performs cryptographic operations using the Web Cryptography API.
Technical: The extension uses the following code pattern: window.crypto.subtle.encrypt(options);. This is a common pattern in legitimate extensions for encrypting or decrypting data.
💡 This pattern is commonly used in legitimate extensions for encrypting or decrypting data, such as encryption keys or API tokens.
The extension uses the postMessage API to communicate with other scripts across origins.
Technical: The extension uses the following code pattern: window.postMessage(data);. This is a common pattern in legitimate extensions for communicating with other scripts or APIs across origins.
💡 This pattern is commonly used in legitimate extensions for communicating with other scripts or APIs across origins, such as messaging services or API gateways.
The extension sets up event listeners using the addEventListener method.
Technical: The extension uses the following code pattern: element.addEventListener(event, handler);. This is a common pattern in legitimate extensions for responding to user interactions or web page events.
💡 This pattern is commonly used in legitimate extensions for responding to user interactions or web page events.
The Rogold Level Up Roblox extension has a mixed security profile. While it uses some common and legitimate patterns, such as the Fetch API and postMessage API, it also exhibits some concerning behavior, including potential XSS vectors and high-risk permissions. Users should exercise caution when installing this extension and regularly review its permissions and behavior to ensure their data is secure.
