Extension Auditor
Extension Auditor
Sign Up
Audi Custom Background

Audi Custom Background

ID: oenompadodjkoakdnpmhfhldfoieeonh

Supported Languages

🇺🇸US English

Extension Info & Metadata

Status
Active
Version
2.6
Size
1.00 MB
Rating
0.0/5
Reviews
0
Users
37
Type
Extension
Updated
May 11, 2021
Category
Tools
Price
Free
Featured
No
Visibility
Unlisted
Mature
No
By Google
No
Trusted
Yes
Download CRX
Chrome Web Store
Report Issue

Publisher Contextual Analysis

Trusted
Author
MTBView Profile
Privacy
Privacy Policy
MX records exist
Yes
Domain exists
Yes
Is disposable
No
Is role-based
Yes
Mailbox exists
Yes
Total Extensions
3
Active
1
Obsolete
2
Listed
2
Unlisted
1
Total Users
296
Screenshot 1
Screenshot 2

Change your Search Engine Background to a Audi photo

This is an extension displays New Tab Audi background to a preset picture. By clicking "Add to chrome", I accept and agree to installing the Audi Background Chrome extension and setting Chromeâ„¢ New Tab to that provided by the service and the Privacy Policy (https://manictraffic.com/privacy-policy) and Terms of Use (https://manictraffic.com/terms-of-service) This extension will change your New Tab default search to Bing.

Item
Type
Severity
Description
Contextual Risk Factors
Risk Factor
High
The following context increases the overall risk:• 15% increase: Older manifest version lacks modern security controls
Older Manifest Version
Risk Factor
Medium
This extension uses Manifest Version 2

The new-tab search form submits user queries to powerofsearches.com with affiliate tracking parameters (gd=SY1001362, searchsource=69), a third-party search monetization domain unrelated to Bing or the extension's stated purpose. The CWS listing explicitly claims the extension sets search to Bing, but the actual form action is a different domain entirely — a deliberate misdescription. User search queries are sent to a third-party without disclosure.

landing.html (Line 57)
<form method="get" action="https://www.powerofsearches.com/Results.aspx">  < input id="searchinput" type="text" placeholder="Search..." name="q" value="" />    < input type="hidden" name="gd" value="SY1001362" />      < input type="hidden" name="searchsource" value="69" />

Every search the user submits is redirected to `extdetail['redirection_url']`, a value fetched at runtime from the publisher's backend (mtbextension.com/audi/). This gives the server-side operator full, dynamic control over where user search queries are sent — the destination can be changed at any time without a code update, making static analysis insufficient to determine the final redirect target. This is a classic command-and-control search-redirect pattern.

js/custom.js (Line 534)
cl.addEventListener('click', function() {  var kw = cl.getAttribute('data');  window.location.href = extdetail['redirection_url'].replace('[keyword]', encodeURI(kw));});...queryform.addEventListener('submit', function(event) {  event.preventDefault();  if (search.value) {    window.location.href = extdetail['redirection_url'].replace('[keyword]', encodeURI(search.value));  }});

Footer links and their text labels are fetched from the publisher's remote backend and inserted into the new-tab DOM via insertAdjacentHTML without any sanitization. The publisher can push arbitrary anchor tags (including javascript: hrefs or misleading phishing-style links) to all installed instances of the extension at any time. Combined with the server-controlled search redirect, this gives the operator a persistent, updatable channel to surface deceptive links on every new tab the user opens.

js/custom.js (Line 148)
function setFooter() {  var footerCopyRight = extdetail['copyright_text'];  var footerMenus = JSON.parse(extdetail['footer_menu']);  var menus = '';  if (footerMenus.length > 0) {    for (let footerMenu of footerMenus)      menus = menus + '<li><a href="' + footerMenu['url'] + '" target="_blank">' + footerMenu['title'] +      '</a></li>';    document.body.querySelector('.footer')      .insertAdjacentHTML('beforeend', (menus != '' ? '<ul class="footer-links">' + menus + '</ul>' : '') + (        footerCopyRight != null ? '<div class="copy">' + footerCopyRight + '</div>' : ''));  }}

By severity

Critical0
High2
Medium1
Low0

Versions scanned

Showing 1 of 3 scanned versions with more than one unique finding. Counts are unique findings that include each version.

Extension VersionCode Review Findings
2.63

Files with findings

2 distinct paths — top paths by unique finding count:

  • js/custom.js2
  • landing.html1
S.No.
Category
Severity
File
Summary
Found in Version
1Tracking
high
landing.html (line 57)The new-tab search form submits user queries to powerofsearches.com with affiliate tracking parameters (gd=SY1001362, searchsource=69), a third-party search monetization domain unrelated to Bing or the extension's sta…
2.6
2Tracking
high
js/custom.js (line 534)Every search the user submits is redirected to `extdetail['redirection_url']`, a value fetched at runtime from the publisher's backend (mtbextension.com/audi/). This gives the server-side operator full, dynamic contro…
2.6
3Code Injection
medium
js/custom.js (line 148)Footer links and their text labels are fetched from the publisher's remote backend and inserted into the new-tab DOM via insertAdjacentHTML without any sanitization. The publisher can push arbitrary anchor tags (inclu…
2.6
URLs
22
IPv4
0
IPv6
0

URLs

View the external URLs this extension communicates with to understand its network activity and data interactions.

Gain full insight into all external connections.

Upgrade for full visibility.

Sign In
clients2.google.com/service/update2/crxhttps://clients2.google.com/service/update2/crx
audiextension.com-http://audiextension.com/
use.fontawesome.com/releases/v5.0.13/css/all.csshttps://use.fontawesome.com/releases/v5.0.13/css/all.css
images.unsplash.com/photo-1502161254066-6c74afbf07aahttps://images.unsplash.com/photo-1502161254066-6c74afbf07aa?ixlib=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=crop&w=2102&q=80
www.powerofsearches.com/Results.aspxhttps://www.powerofsearches.com/Results.aspx
manictraffic.com/privacy-policyhttps://manictraffic.com/privacy-policy
manictraffic.com/terms-of-servicehttps://manictraffic.com/terms-of-service
manictraffic.com/contact-ushttps://manictraffic.com/contact-us
fonts.googleapis.com/csshttps://fonts.googleapis.com/css?family=Montserrat:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
www.w3.org/2000/svghttp://www.w3.org/2000/svg
Showing 1 to 10 of 30 rows
Rows per page:

Gain full insight into all external connections.

Upgrade for full visibility.

Sign In
No IP addresses found
Version
Size
Is Malicious
Findings
Permhash
2.5
Latest
1.00 MB
Benign
—
9a4a566028e6ab812b46013199f495f26f9bdc3bee0743ddfbdf6037f2978b0f
2.4
1.00 MB
Benign
—
9a4a566028e6ab812b46013199f495f26f9bdc3bee0743ddfbdf6037f2978b0f
2.6
1.00 MB
Malicious
3N/A
Showing 1 to 3 of 10 rows
Rows per page:

Code Diff

Compare extension code between any two versions.

0 changed files (scanned top 25 shared text files)

No comparable text files found between these versions.

Browse and explore files within this extension package

Gain full insight into all external connections.

Upgrade for full visibility.

Sign In