Volume Master

Name: Security Analysis: Volume Master
Item: Volume Master
Rating: 5
Author: ChromeBoard

🔍 Security Report Available

👥 6M+ users

📦 v2.4.0

💾 91.03KiB

📅 2025-04-14

View on Chrome Web Store

Chrome will indicate if you already have this installed.

Overview

The simplest and most reliable volume booster

🚀 Features
⭐️ Up to 600 % volume boost
⭐️ Control volume of any tab
⭐️ Fine-grained control: 0 % - 600 %
⭐️ Switch to any tab playing audio with just one click

🚀 Full screen
⭐️ Chrome prevents you from going to a complete full-screen when using any extension manipulating with sound so you can always see the blue rectangle icon in the tab bar (to be aware of audio is being manipulated). There's no way to bypass it and after all it's a good thing that keeps you safe. However you can improve the situation a bit by pressing F11 (on Windows) or Ctr+Cmd+F (on Mac).

🚀 Permissions explained
⭐️ "Read and change all your data on the websites you visit": to be able to connect to and modify AudioContext of any website playing audio and to show list of all tabs playing audio

Completely free and with no ads

Made with ❤️ by Peta Sittek

Privacy Practices

✓ Not being sold to third parties, outside of the approved use cases

✓ Not being used or transferred for purposes that are unrelated to the item's core functionality

✓ Not being used or transferred to determine creditworthiness or for lending purposes

v2.4.0 Info Scanned Mar 4, 2026

Security Analysis — Volume Master

Analyzed v2.4.0 · Mar 4, 2026 · 3 JS files · 48 KB scanned

Permissions

Code Patterns Detected

External Connections

www.petasittek.com microsoftedge.microsoft.com

Package Contents 92 files · 126KB

▾📁_locales9KB

▾📁am

{}messages.json185B

▾📁ar

{}messages.json176B

▾📁bg

{}messages.json202B

▾📁bn

{}messages.json209B

▾📁ca

{}messages.json156B

▾📁cs

{}messages.json156B

▾📁da

{}messages.json142B

▾📁de

{}messages.json145B

▾📁el

{}messages.json175B

▾📁en

{}messages.json124B

▾📁en_GB

{}messages.json124B

▾📁en_US

{}messages.json124B

▾📁es

{}messages.json158B

▾📁es_419

{}messages.json158B

▾📁et

{}messages.json154B

▾📁fa

{}messages.json162B

▾📁fi

{}messages.json169B

▾📁fil

{}messages.json162B

▾📁fr

{}messages.json161B

▾📁gu

{}messages.json205B

▾📁he

{}messages.json160B

▾📁hi

{}messages.json199B

▾📁hr

{}messages.json150B

▾📁hu

{}messages.json158B

▾📁id

{}messages.json151B

▾📁it

{}messages.json156B

▾📁ja

{}messages.json182B

▾📁kn

{}messages.json202B

▾📁ko

{}messages.json149B

▾📁lt

{}messages.json149B

▾📁lv

{}messages.json157B

▾📁ml

{}messages.json208B

▾📁mr

{}messages.json223B

▾📁ms

{}messages.json153B

▾📁nl

{}messages.json138B

▾📁no

{}messages.json141B

▾📁pl

{}messages.json164B

▾📁pt_BR

{}messages.json155B

▾📁pt_PT

{}messages.json155B

▾📁ro

{}messages.json158B

▾📁ru

{}messages.json184B

▾📁sk

{}messages.json157B

▾📁sl

{}messages.json151B

▾📁sr

{}messages.json185B

▾📁sv

{}messages.json143B

▾📁sw

{}messages.json147B

▾📁ta

{}messages.json217B

▾📁te

{}messages.json217B

▾📁th

{}messages.json238B

▾📁tr

{}messages.json150B

▾📁uk

{}messages.json186B

▾📁vi

{}messages.json171B

▾📁zh_CN

{}messages.json143B

▾📁zh_TW

{}messages.json143B

▾📁_metadata12KB

{}verified_contents.json12KB

▾📁css26KB

▾📁font3KB

🔤fa4.woff23KB

🎨base.css334B

🎨c-analyser.css403B

🎨c-equalizer.css1KB

🎨c-made-by.css29B

🎨c-promo.css2KB

🎨c-rating-and-made-by.css135B

🎨c-rating.css873B

🎨c-settings-pane.css901B

🎨c-settings-switch.css175B

🎨c-support.css599B

🎨common.css142B

🎨footer.css1KB

🎨header.css597B

🎨notification.css537B

🎨outdated-browsers-manager.css335B

🎨popup.css12KB

🎨tab.css641B

🎨tabs.css134B

🎨volume-actions.css661B

🎨volume-info.css274B

🎨volume-slider.css126B

▾📁html16KB

🌐offscreen.html157B

🌐popup.html15KB

▾📁icon15KB

▾📁browser-extensions9KB

🖼dark-mode-everywhere.png1KB

🖼site-inspector.png1KB

🖼webtime-tracker.png6KB

🖼icon-128.png3KB

🖼icon-16.png401B

🖼icon-19.png471B

🖼icon-32.png726B

🖼icon-38.png892B

🖼icon-48.png1KB

▾📁js48KB

📜offscreen.js6KB

📜popup.js30KB

📜service-worker.js12KB

{}manifest.json668B

What This Extension Does

The Volume Master extension claims to boost volume by up to 600% and control audio levels. It's designed for users who want fine-grained control over their browser's audio settings. However, its functionality raises concerns about data exposure and potential risks.

Permissions Explained

activeTabexpected: This permission allows the extension to access the currently active tab in your browser.
Technical: The extension uses this API to read and modify AudioContext of any website playing audio, which could potentially expose sensitive information or allow unauthorized modifications.
offscreenexpected: This permission enables the extension to access tabs that are not currently visible on your screen.
Technical: The extension uses this API to capture and manipulate audio from off-screen tabs, which could potentially expose sensitive information or allow unauthorized modifications.
tabCapturecheck this: This permission allows the extension to capture screenshots of your browser's tabs.
Technical: The extension uses this API to capture and manipulate audio from any tab, which could potentially expose sensitive information or allow unauthorized modifications. This is a HIGH-risk permission due to its potential for data exposure and unauthorized access. ⚠ 1
tabsexpected: This permission enables the extension to access and manage your browser's tabs.
Technical: The extension uses this API to read and modify AudioContext of any website playing audio, which could potentially expose sensitive information or allow unauthorized modifications.
storageexpected: This permission allows the extension to store data locally on your device.
Technical: The extension uses this API to store and retrieve sensitive information, such as user preferences and audio settings. This could potentially expose sensitive information if compromised.

Your Data

The Volume Master extension accesses your browser's tabs, including those that are not currently visible on your screen. It also stores data locally on your device and sends requests to the developer's website (www.petasittek.com).

Technical Details

The extension contacts www.petasittek.com for unknown purposes. It also uses the tabCapture API to capture screenshots of your browser's tabs, which could potentially expose sensitive information or allow unauthorized modifications.

Code Findings

innerHTML assignment — potential XSS vectorMedium

This finding indicates that the extension uses innerHTML assignments in its code, which could potentially lead to cross-site scripting (XSS) attacks.

Technical: The extension's JavaScript files contain innerHTML assignments, which could allow an attacker to inject malicious scripts into the browser. This is a medium-risk finding due to the potential for XSS attacks.

💡 innerHTML assignments are commonly used in legitimate extensions to dynamically update content.

Captures keystrokesCritical

This finding indicates that the extension captures keystrokes, which could potentially expose sensitive information or allow unauthorized access.

Technical: The extension uses the tabCapture API to capture screenshots of your browser's tabs, including any keystrokes entered by the user. This is a critical-risk finding due to the potential for data exposure and unauthorized access.

💡 Keystroke capturing is not typically used in legitimate extensions, as it can be considered an invasion of user privacy.

Monitors form inputsMedium

This finding indicates that the extension monitors form inputs, which could potentially expose sensitive information or allow unauthorized access.

Technical: The extension uses event listeners to monitor form inputs, which could allow an attacker to inject malicious scripts into the browser. This is a medium-risk finding due to the potential for XSS attacks.

💡 Form input monitoring is commonly used in legitimate extensions to validate user input and prevent unauthorized access.

Screen/tab capture APICritical

This finding indicates that the extension uses the screen/tab capture API, which could potentially expose sensitive information or allow unauthorized access.

Technical: The extension uses the tabCapture API to capture screenshots of your browser's tabs, including any sensitive information displayed on those tabs. This is a critical-risk finding due to the potential for data exposure and unauthorized access.

💡 Screen/tab capture APIs are not typically used in legitimate extensions, as they can be considered an invasion of user privacy.

Sets up event listenersInfo

This finding indicates that the extension sets up event listeners to monitor user activity.

Technical: The extension uses event listeners to monitor user activity, which could potentially allow an attacker to inject malicious scripts into the browser. However, this is a common practice in legitimate extensions and does not pose a significant risk on its own.

💡 Event listener setup is commonly used in legitimate extensions to respond to user interactions and prevent unauthorized access.

Bottom Line

The Volume Master extension raises concerns about data exposure and potential risks due to its use of the tabCapture API, keystroke capturing, and form input monitoring. While it may provide useful functionality for users who want fine-grained control over their browser's audio settings, we recommend exercising caution when installing this extension and closely reviewing its permissions and behavior.