Examining Google Chrome Extensions Using Crxcavator

Crxcavator is a project from Duo Security that helps users test Chrome extensions before installing them in their browser.

Crxcavator automatically scans the entire Chrome Web Store every 3 hours and produces a quantified risk score for each Chrome extension based on several factors. These factors include permissions, inclusion of vulnerable third-party JavaScript libraries, weak content security policies, missing details from the Chrome Web Store description, and more. Organizations can use this tool to assess the Chrome extensions they have installed and to move toward explicit allow (whitelisting) of extensions across the organization.

To analyze an extension, search for it by name or by id. If you don't know the extension id, you can find it in the extension's Chrome Web Store URL: the id is the last path segment (here, `edacconmaakjimmfgnblocblbcdcpbko`):

chrome.google.com/webstore/detail/session-buddy/edacconmaakjimmfgnblocblbcdcpbko
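When building an allow list from URLs that users submit, the id can be extracted and validated before it is looked up or added to policy. The following is an added example, not code from Crxcavator or Duo Security: it pulls the id out of a Web Store URL, checks that it has the shape of a Chrome extension id (32 letters from a to p), and emits a deny-by-default policy using Chrome's `ExtensionInstallBlocklist` and `ExtensionInstallAllowlist` settings. The function names and the accepted host list are assumptions of this example.

```python
import json
import re
from urllib.parse import urlparse

# Chrome extension ids are 32 characters drawn from the letters a-p.
EXTENSION_ID_RE = re.compile(r"[a-p]{32}")
# Assumption: accept the legacy Web Store host (as in the article) and the current one.
WEBSTORE_HOSTS = {"chrome.google.com", "chromewebstore.google.com"}


def extract_extension_id(value):
    """Return the id from a bare id or a Web Store detail URL, or None."""
    value = value.strip()
    if EXTENSION_ID_RE.fullmatch(value):
        return value
    try:
        # URLs are often pasted without a scheme, as in the article's example.
        parsed = urlparse(value if "://" in value else "https://" + value)
        host = parsed.hostname
    except ValueError:  # malformed URL
        return None
    if host not in WEBSTORE_HOSTS:
        return None
    # The id is the last path segment; query string and fragment are ignored.
    segments = [s for s in parsed.path.split("/") if s]
    candidate = segments[-1] if "detail" in segments else ""
    return candidate if EXTENSION_ID_RE.fullmatch(candidate) else None


def build_allowlist_policy(entries):
    """Return (policy, rejected): block every extension except the validated ids."""
    ids, rejected = [], []
    for entry in entries:
        ext_id = extract_extension_id(entry)
        if ext_id is None:
            rejected.append(entry)
        elif ext_id not in ids:
            ids.append(ext_id)
    return {"ExtensionInstallBlocklist": ["*"], "ExtensionInstallAllowlist": ids}, rejected


if __name__ == "__main__":
    # Constructed sample input: the article's URL plus entries that must be rejected.
    sample = [
        "chrome.google.com/webstore/detail/session-buddy/edacconmaakjimmfgnblocblbcdcpbko",
        "https://example.com/webstore/detail/x/edacconmaakjimmfgnblocblbcdcpbko",
        "edacconmaakjimmfgnblocblbcdcpbkz",
    ]
    policy, rejected = build_allowlist_policy(sample)
    print(json.dumps({"policy": policy, "rejected": rejected}, indent=2))
```

Rejected entries are returned rather than dropped so that a reviewer can see which submissions were not Web Store links or did not contain a well-formed id.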

For more information and full documentation, visit the project website: https://crxcavator.io/