Extension Auditor
Extension Auditor
Sign Up
Datagenie

Datagenie

ID: mnpfmcfgdahpdcdbaebpjlnhkanbphlk

Supported Languages

🇬🇧British English

Extension Info & Metadata

Status
Active
Version
0.0.0.1
Size
1.20 MB
Rating
5.0/5
Reviews
5
Users
11
Type
Extension
Updated
Aug 27, 2022
Category
Workflow & planning
Price
Free
Featured
No
Visibility
Listed
Mature
No
By Google
No
Trusted
Yes
Download CRX
Chrome Web Store
Report Issue

Publisher Contextual Analysis

Trusted
Author
datageniecoView Profile
Privacy
Privacy Policy
Help
Help Center
Country
GB
MX records exist
Yes
Domain exists
Yes
Is disposable
No
Is role-based
Yes
Mailbox exists
Yes
Address
71-75 Shelton Street London WC2H 9JQ GB
Website
Visit
Total Extensions
2
Active
1
Obsolete
1
Listed
2
Unlisted
0
Total Users
19
Screenshot 1
Screenshot 2
Screenshot 3
Screenshot 4
Screenshot 5
Screenshot 6

DataGenie is the most inexpensive & quickest way to get B2B contact data for sales, marketing and recruitment. Find and export…

DataGenie is the most inexpensive & quickest way to get B2B contact data for sales, marketing and recruitment. Find and export email addresses & phone numbers from LinkedIn profiles and from company websites. Simple to install and use. Free trial | Community version | Various packages | Book a demo: https://www.datagenie.co CONTACT LINKEDIN PROFILES DIRECTLY BY EMAIL DataGenie provides verified email address & phone numbers straight from the LinkedIn tab. Now you can download contact details from any LinkedIn profile without having to leave the browser. The extension also shows related contacts and their emails addresses and phone numbers. FIND EMPLOYEE CONTACT DETAILS DIRECTLY FROM COMPANY WEBSITES Relevant contacts with verified email addresses and phone numbers. No more wasted hours researching employees contact details. Just open the company website and DataGenie browser extension does the rest. WHY DATAGENIE? >Because DataGenie is trusted, inexpensive and fantastically accurate. >Because it’s quick to set up, fast and easy-to-use. >Because the data is verified again, today, the moment you click to download. REAL-TIME DATA VALIDATION Data has a sell-by date. When you download data it should be fresh as the day it was sourced. When you choose your contact, the email address is checked again, in real-time, using email address validation algorithms. DataGenie uniquely performs a second verification of the email address using SMTP interrogation. No other contact data provider performs this extraordinary level of email address authentication, and at no extra cost RECRUITMENT REVIEWS Included in contact data are validated reviews by employers, vital for HR & recruiters. TRY DATAGENIE FOR 10 DAYS FREE No card details, no contract, no obligation. Just the basic details and off you go… Any questions just call or email: [email protected] Book a demo: https://www.datagenie.co London: +44 (0) 207 609 2800 New York: +1 (0) 646 757 1645 https://www.facebook.com/datagenie.co/ https://twitter.com/DataGenieCo https://www.linkedin.com/company/datagenie/

Item
Type
Severity
Description
Contextual Risk Factors
Risk Factor
High
The following context increases the overall risk:• 15% increase: Older manifest version lacks modern security controls
activeTab
Permission
Medium
This permission grants temporary access to the current tab. Rated Medium because it can access current page content when invoked, though limited to user-initiated actions.
Older Manifest Version
Risk Factor
Medium
This extension uses Manifest Version 2
https://www.linkedin.com/*
Permission
Unknown
No classification available for this permission.

The bundled manifest declares MV2 with only `activeTab` and `https://www.linkedin.com/*`, but the live CWS-published manifest declares MV3 with `tabs`, `cookies`, `storage`, and `<all_urls>` host permissions plus `web_accessible_resources` exposed to all sites. This is a significant privilege escalation between the archived bundle and the live listing, indicating the publisher pushed a dramatically more powerful version after initial approval — a common bait-and-switch technique.

manifest.json (Line 1)
{  "manifest_version": 2,  "permissions": [    "activeTab",    "https://www.linkedin.com/*"  ],  "background": {    "scripts": [      "popup.js"    ],    "persistent": true  }}

The popup unconditionally injects payload.js into the active tab on every popup open via the background page's executeScript. In this bundle payload.js only reads document.title, but with the live manifest's `<all_urls>` and `cookies` permissions the same injection mechanism could harvest cookies, credentials, or full page content from any site. The pattern is consistent with a loader skeleton waiting for a more capable payload to be deployed.

popup.js (Line 2)
window.addEventListener('load', function(evt) {  chrome.extension.getBackgroundPage()    .chrome.tabs.executeScript(null, {      file: 'payload.js'    });;});

By severity

Critical0
High1
Medium1
Low0

Versions scanned

Showing 1 of 10 scanned versions with more than one unique finding. Counts are unique findings that include each version.

Extension VersionCode Review Findings
0.0.0.12

Files with findings

2 distinct paths — top paths by unique finding count:

  • manifest.json1
  • popup.js1
S.No.
Category
Severity
File
Summary
Found in Version
1Other
high
manifest.json (line 1)The bundled manifest declares MV2 with only `activeTab` and `https://www.linkedin.com/*`, but the live CWS-published manifest declares MV3 with `tabs`, `cookies`, `storage`, and `<all_urls>` host permissions plus `web…
0.0.0.1
2Code Injection
medium
popup.js (line 2)The popup unconditionally injects payload.js into the active tab on every popup open via the background page's executeScript. In this bundle payload.js only reads document.title, but with the live manifest's `<all_url…
0.0.0.1
URLs
3
IPv4
1
IPv6
0

URLs

View the external URLs this extension communicates with to understand its network activity and data interactions.

Gain full insight into all external connections.

Upgrade for full visibility.

Sign In
www.datagenie.co/wp-content/uploads/2021/02/logo.pnghttps://www.datagenie.co/wp-content/uploads/2021/02/logo.png
clients2.google.com/service/update2/crxhttps://clients2.google.com/service/update2/crx
www.linkedin.com/*https://www.linkedin.com/*

Gain full insight into all external connections.

Upgrade for full visibility.

Sign In
0.0.0.1
IPv4
-
Version
Size
Is Malicious
Findings
Permhash
9.2.1
Latest
1.19 MB
Malicious
f9876f930800e85afddf80dddecd7074e4b5cc865f4fb8f6e746c171bf0d48c5
9.1.18
1.19 MB
Malicious
f9876f930800e85afddf80dddecd7074e4b5cc865f4fb8f6e746c171bf0d48c5
9.1.15
1.19 MB
Malicious
f9876f930800e85afddf80dddecd7074e4b5cc865f4fb8f6e746c171bf0d48c5
9.1.5
1.17 MB
Malicious
f9876f930800e85afddf80dddecd7074e4b5cc865f4fb8f6e746c171bf0d48c5
9.0.7
1.00 MB
Malicious
f9876f930800e85afddf80dddecd7074e4b5cc865f4fb8f6e746c171bf0d48c5
5.0.1
0.96 MB
Malicious
2bb2815a0bf572909be735860b51ecc43533315c3edaad9bc733eb79c43d4ec8
0.0.2
0.88 MB
Malicious
31d9e011b5a0eede6a9922b81096a4b383fc99aa93555d1a9efdf76c42e8b399
0.0.1
0.06 MB
Malicious
N/A
0.0.0.1
0.00 MB
Malicious
2
f91bb991acad4113b710e37d9133539440dd35cc5bdc413f8e4cdfd6e48f8911
9.3.4
1.20 MB
Malicious
f9876f930800e85afddf80dddecd7074e4b5cc865f4fb8f6e746c171bf0d48c5
Showing 1 to 10 of 10 rows
Rows per page:

Code Diff

Compare extension code between any two versions.

0 changed files (scanned top 25 shared text files)

No comparable text files found between these versions.

Browse and explore files within this extension package

Gain full insight into all external connections.

Upgrade for full visibility.

Sign In