Audi Custom Background

The new-tab search form submits user queries to powerofsearches.com with affiliate tracking parameters (gd=SY1001362, searchsource=69), a third-party search monetization domain unrelated to Bing or the extension's stated purpose. The CWS listing explicitly claims the extension sets search to Bing, but the actual form action is a different domain entirely — a deliberate misdescription. User search queries are sent to a third-party without disclosure.

<form method="get" action="https://www.powerofsearches.com/Results.aspx">  < input id="searchinput" type="text" placeholder="Search..." name="q" value="" />    < input type="hidden" name="gd" value="SY1001362" />      < input type="hidden" name="searchsource" value="69" />

Every search the user submits is redirected to `extdetail['redirection_url']`, a value fetched at runtime from the publisher's backend (mtbextension.com/audi/). This gives the server-side operator full, dynamic control over where user search queries are sent — the destination can be changed at any time without a code update, making static analysis insufficient to determine the final redirect target. This is a classic command-and-control search-redirect pattern.

cl.addEventListener('click', function() {  var kw = cl.getAttribute('data');  window.location.href = extdetail['redirection_url'].replace('[keyword]', encodeURI(kw));});...queryform.addEventListener('submit', function(event) {  event.preventDefault();  if (search.value) {    window.location.href = extdetail['redirection_url'].replace('[keyword]', encodeURI(search.value));  }});

Footer links and their text labels are fetched from the publisher's remote backend and inserted into the new-tab DOM via insertAdjacentHTML without any sanitization. The publisher can push arbitrary anchor tags (including javascript: hrefs or misleading phishing-style links) to all installed instances of the extension at any time. Combined with the server-controlled search redirect, this gives the operator a persistent, updatable channel to surface deceptive links on every new tab the user opens.

function setFooter() {  var footerCopyRight = extdetail['copyright_text'];  var footerMenus = JSON.parse(extdetail['footer_menu']);  var menus = '';  if (footerMenus.length > 0) {    for (let footerMenu of footerMenus)      menus = menus + '<li><a href="' + footerMenu['url'] + '" target="_blank">' + footerMenu['title'] +      '</a></li>';    document.body.querySelector('.footer')      .insertAdjacentHTML('beforeend', (menus != '' ? '<ul class="footer-links">' + menus + '</ul>' : '') + (        footerCopyRight != null ? '<div class="copy">' + footerCopyRight + '</div>' : ''));  }}