JS Vulnerability Detector

JavaSript Vulnerability Detector is a result of my Master Thesis at Brno University of Technology, Faculty of Information…

What is JS Vulnerability Detector?

JS Vulnerability Detector is a Chrome extension that adds security features to end-users by scanning JavaScript code on websites and detecting known vulnerabilities, such as vulnerable versions of jQuery. It allows you to block, patch, or track the vulnerable scripts, providing protection against potential attacks. The extension is developed as a result of a Master Thesis at Brno University of Technology.

Download

Stats

By: randysekvojta

View on Chrome Web Store

Users: 327 ▲ 5

Rating: 5.00 (1)

Version: 1.0.0 (Last updated: 2022-12-13)

Creation date: 2022-04-19

Risk impact: Moderate risk impact

Risk likelihood: Very low risk likelihood

Manifest version: 3

Permissions:

storage

Host permissions:

<all_urls>

Size: 470.02K

Email: ra*****@seznam.cz

Stats date:

Chrome-Stats Rank

# 44765 ▲ 255

Other rankings

#1150 in Developer Tools ▼ 51

#20 in jquery keyword 16

#80 in javascript keyword 44

#118 in detect keyword 15

#120 in contain keyword 13

Upgrade to see more rankings

Other platforms

Not available on Firefox

Not available on Edge

Want to check extension ranking and stats more quickly for other Chrome extensions? Install Chrome-Stats extension to view Chrome-Stats data as you browse the Chrome Web Store.

Summary

Analyze keywords

JavaSript Vulnerability Detector is a result of my Master Thesis at Brno University of Technology, Faculty of Information technology, graduation year 2022. The extension aims to add security features to the end-users of various websites containing vulnerable JavaScript library code. The principle of extension is following:

After page loads the extension scans all the JavaScript contained on the page and sends it to background script for processing.
If the script contains a known vulnerability (initial version focuses mostly on jQuery), it is tracked and shown in the extension popup. After detection the vulnerable script can be blocked, patched or left as is and only tracked.

All data is stored locally and can be cleared by a "Clear" button in the extension popup. There is no server communication going on, no data leaves the browser.

Extension runs in 4 modes:

disabled - no action
analyze - standard analysis only mode - no patching or blocking of vulnerable scripts
bloc - vulnerable scripts are removed from website
repair - experimental, vulnerable scripts are patched if possible

Currently it can detect vulnerable versions of jQuery (all up to 3.5.0) and repair them by updating them in runtime to 3.5.0 and couple more (around 30, including some of lodash, remarkjs, axios, handlebars and other vulnerabilities).

Source codes are open, available at https://github.com/xrandy00/mt_2022

User reviews

GOOD

Michael Olefson, 2023-12-24

View all user reviews

Safety

Risk impact

JS Vulnerability Detector may not be safe to use and it requires some risky permissions. Exercise caution when installing this extension. Review carefully before installing.