Yandex Access
🔍 Security Report Available View on Chrome Web StoreChrome will indicate if you already have this installed.
Blocks distracting ads and pop-ups, allowing you to focus on your online work, while also bringing a convenient feature for managing Yandex accounts. Lets you quickly access your account information and perform common actions without leaving the browser. Brings a useful tool for those who frequently use Yandex services.
Overview
Яндекс.Перепустка, покращує роботу в інтернеті.
Встановлюючи програму, ви приймаєте умови Ліцензійної угоди http://legal.yandex.ua/desktop_software_agreement/
Tags
Privacy Practices
Security Analysis — Yandex Access
Permissions
Code Patterns Detected
External Connections
Package Contents 5 files · 292KB
What This Extension Does
Yandex Access (Яндекс.Перепустка) is a Chrome extension that claims to improve internet work, but its true purpose and data handling practices are unclear. It has been installed by over 1 million users.
Permissions Explained
- cookiescheck this: This permission allows the extension to read and modify cookies on your device.
Technical: Accesses Chrome's cookie storage, potentially allowing data theft or manipulation of user sessions. Attack surface: moderate. ⚠ 1 - alarmsexpected: This permission allows the extension to schedule and manage alarms on your device.
Technical: Accesses Chrome's alarm system, potentially allowing unauthorized scheduling or manipulation of user notifications. Attack surface: low. - proxycheck this: This permission allows the extension to act as a proxy server on your device.
Technical: Accesses Chrome's proxy settings, potentially allowing unauthorized data interception or manipulation of user traffic. Attack surface: CRITICAL. ⚠ 1 - storagecheck this: This permission allows the extension to read and write data to your device's storage.
Technical: Accesses Chrome's storage system, potentially allowing unauthorized data theft or manipulation of user files. Attack surface: moderate. ⚠ 1 - declarativeNetRequestcheck this: This permission allows the extension to manage network requests on your device.
Technical: Accesses Chrome's declarative net request system, potentially allowing unauthorized data interception or manipulation of user traffic. Attack surface: high. ⚠ 1 - scriptingcheck this: This permission allows the extension to execute scripts on your device.
Technical: Accesses Chrome's scripting system, potentially allowing unauthorized code execution or data manipulation. Attack surface: moderate. ⚠ 1 - <all_urls>check this: This permission allows the extension to access all URLs on your device.
Technical: Accesses Chrome's URL system, potentially allowing unauthorized data interception or manipulation of user traffic. Attack surface: CRITICAL. ⚠ 1
Your Data
The extension accesses cookies on your device and sends data to various domains, including yandex.ru, st.yandex-team.ru, and d1cv6bu0xiop18.cloudfront.net.
Technical Details
Code Findings
The extension loads external scripts in its service worker, which may allow unauthorized code execution or data manipulation.
Technical: The extension's service worker (yandex_access.js) uses the fetch API to load external scripts from ecma-international.org and es5.github.io. This may allow unauthorized code execution or data manipulation.
💡 Loading external scripts is a common practice in legitimate extensions for functionality like content injection or feature updates.
Based on the findings, we recommend that users exercise caution when installing Yandex Access. The extension's permissions and data handling practices raise concerns about unauthorized data access and manipulation. Users should carefully review the extension's stated purpose and features before installation.
