Browser extensionChrome
Chrome extensions, inspected on every update.
Extuno diffs each Chrome extension release and shows the exact permission, script, or network change an MV3 update introduced - checked by static, dynamic, and AI analysis.
Chrome - live inspectionInspecting
JSON Formatter 3.1.2
chrome extension
3.1.1->3.1.2chrome extension
Static
Dynamic
AI
Analyzing update
What Extuno catches in Chrome
Evidence, not guesswork.
Each finding names the change, why it is dangerous, and the recommended action.
Diff finding
MV3 remote code
A script loaded from an attacker host, added on this update and absent before.
Critical
Diff finding
Broadened host permissions
Scope jumped from a single host to all hosts in one release.
Review
Diff finding
Cookie exfiltration
background.js reads document.cookie then POSTs it to an unlisted host.
Critical
See it on a poisoned update
A clean extension, poisoned on update
The manifest diff exposes new host permissions and a remote-code path; the sandbox captures the beacon.
- + Vulnerability and secret-leak testing on every version
- + Static analysis reads the code without running it
- + Dynamic sandbox runs it live and records behavior
- + AI code analysis reads the full source and correlates the change against prior versions
Chromemanifest diffv3.1.1 -> v3.1.2
- tabs
- storage
- + host permission: *://*/*
- + scripting (remote code)
extensioncdn-metrics.io
Scan your first Chrome extension free.
Your first 5 credits are free - that is 5 full scans, no card required.