Examining Google Chrome Extensions Using Crxcavator

Ahmed Musaad
Ahmed Musaad
Examining Google Chrome Extensions Using Crxcavator

Chrome extensions have grown to be a genuine part of the web browser we use every day. Security is paramount when reviewing an extension and Crxcavator is here to help you do that.

Crxcavator is a project from DUO Security that helps users test Chrome extensions before installing them on their browser.

Crxcavator automatically scans the entire Chrome Web Store every 3 hours and produces a quantified risk score for each Chrome Extension based on several factors. These factors include permissions, inclusion of vulnerable third party javascript libraries, weak content security policies, missing details from the Chrome Web Store description, and more. Organizations can use this tool to assess the Chrome Extensions they have installed and to move towards implementing explicit allow (whitelisting) for their organization.

To analyze an extension, search for it using its name or its id. If you don’t know the extension id, you can find it in the extension URL, the highlighted part is the id:

chrome.google.com/webstore/detail/session-buddy/edacconmaakjimmfgnblocblbcdcpbko

For more information and full documentation, visit the project website: https://crxcavator.io/



Great! Next, complete checkout for full access to Ahmed Musaad
Welcome back! You've successfully signed in
You've successfully subscribed to Ahmed Musaad
Success! Your account is fully activated, you now have access to all content
Success! Your billing info has been updated
Your billing was not updated