Security Warning: High Security Risk

Automated analysis found severe security findings in this version. Review the Security Analysis tab before trusting this extension.Extension: PreConnect

HIGH RISK

PreConnect

ID: fcfkbdogaciifaihbfhnaijfhdcjokca

Supported Languages

🇺🇸English

Extension Info & Metadata

Status

Active

Version

1.6.6.15061

Size

14.25 MB

Rating

0.0/5

Reviews

Users

1,000

Type

Extension

Updated

Jun 12, 2026

Publisher Contextual Analysis

Author: preconnect.appView Profile
Privacy: Privacy Policy
Help: Help Center
MX records exist: Yes
Domain exists: Yes
Is disposable: No
Is role-based: No
Mailbox exists: Yes

Total Extensions

Active

Obsolete

Listed

Unlisted

Total Users

1,000

PreConnect as a Chrome extension for BRACU students.

PreConnect is a lightweight Chrome extension for BRAC University students that makes login and access faster, smoother, and easier from the browser. It helps you: - Sign in through the extension-hosted PreConnect app - Keep your browser flow connected without switching between tools - Access PreConnect features in a mobile app interface - Stay focused with a simple, student-first experience PreConnect is built for BRACU students who want a quick and reliable way to use the app directly from Chrome.

User Growth

Showing data from Apr 27, 2026 to Jun 12, 2026

Versions

No change in user count

Compared to 2 months ago

10 versions released in this period

Rating Count

Total: 0 ratings

Average Rating

Current: 0.00 / 5.0

Item	Type	Severity	Description
scripting	Permission	Critical	This permission allows injection and execution of JavaScript on any webpage. Rated Critical because it can modify page content, steal sensitive data, and inject malicious code into any site the extension has access to.
<all_urls>	Host	Critical	Broad host access — the extension can read/modify content on every website.
cookies	Permission	High	This permission provides full access to read and modify browser cookies. Rated High because it can steal session tokens, modify authentication cookies, and compromise accounts across websites.
webNavigation	Permission	High	This permission enables monitoring of all browser navigation events and transitions. Rated High because it can track every page visit, navigation method, and browsing pattern, potentially exposing sensitive browsing behavior and user activities.
Contextual Risk Factors	Risk Factor	High	The following context increases the overall risk:• 25% increase: Unsafe code evaluation capabilities increase attack surface
Broad Host Permissions	Risk Factor	High	This extension has broad host permissions allowing it to access many or all websites.
Broad Content Script Access	Risk Factor	High	This extension can inject scripts into any website.
Unsafe WebAssembly Execution	Risk Factor	High	This extension's CSP allows "wasm-unsafe-eval".
unlimitedStorage	Permission	Medium	This permission removes storage quota restrictions. Rated Medium because it can store large amounts of user data without limits, potentially impacting browser performance and storing extensive tracking data.
storage	Permission	Medium	This permission allows storing data locally in the browser. Rated Medium because it can persist sensitive user data, track user activities over time, and potentially store malicious payloads.
tabs	Permission	Medium	This permission enables tab management and monitoring. Rated Medium because it can track open tabs, access tab metadata, and monitor user browsing patterns.
alarms	Permission	Low	This permission schedules periodic tasks. Rated Low because it can only trigger events at specified times without access to sensitive data.
sidePanel	Permission	Low	This permission adds custom panels to the browser interface. Rated Low because it only affects browser UI elements and cannot access page content.
contextMenus	Permission	Low	This permission adds items to browser context menus. Rated Medium because it only modifies right-click menus without access to page content.
notifications	Permission	Low	This permission displays system notifications. Rated Low because it can only show user-visible notifications without accessing system data.
commands	Permission	Unknown	No classification available for this permission.

The bundled manifest declares 11 permissions including sensitive capabilities (cookies, scripting, unlimitedStorage) and `<all_urls>` host access, whereas the CWS-published manifest lists only 3 permissions (storage, tabs, webNavigation) and restricts host access to specific BRACU and preconnect.app domains. This means Google's CWS security review evaluated a substantially narrower permission set than what is actually installed on users' browsers. The extension only uses these permissions for BRACU-specific functionality in the code reviewed, but the underdeclared permissions to CWS are a misrepresentation of the extension's true capabilities.

manifest.json (Line 22)

"permissions": [    "alarms",    "cookies",    "sidePanel",    "commands",    "contextMenus",    "notifications",    "scripting",    "unlimitedStorage",    "storage",    "tabs",    "webNavigation"  ],  ...  "host_permissions": [    "<all_urls>"  ]

By severity

Critical0

High1

Medium0

Low0

Versions scanned

None of the 10 scanned versions have more than one unique code-review finding. Counts are unique findings that include each version.

Extension Version	Code Review Findings
No versions with more than one unique code-review finding in this extension's history.

Extension Version	Code Review Findings
No versions with multiple unique findings.

Files with findings

1 distinct path — top paths by unique finding count:

manifest.json1

S.No.	Category	Severity	File	Summary	Found in Version
1	Other	high	manifest.json (line 22)	The bundled manifest declares 11 permissions including sensitive capabilities (cookies, scripting, unlimitedStorage) and `<all_urls>` host access, whereas the CWS-published manifest lists only 3 permissions (storage, …	1.6.6.15061

URLs

IPv4

IPv6

URLs

View the external URLs this extension communicates with to understand its network activity and data interactions.

Gain full insight into all external connections.

Upgrade for full visibility.


github.com	/flutter/flutter/issues/156910%60	https://github.com/flutter/flutter/issues/156910`
connect.bracu.ac.bd	-	https://connect.bracu.ac.bd/
sso.bracu.ac.bd	/realms/bracu/protocol/openid-connect/	https://sso.bracu.ac.bd/realms/bracu/protocol/openid-connect/
connect.bracu.ac.bd	/api/ns/notifications/recent	https://connect.bracu.ac.bd/api/ns/notifications/recent
sso.bracu.ac.bd	/realms/bracu/protocol/openid-connect/auth	https://sso.bracu.ac.bd/realms/bracu/protocol/openid-connect/auth?client_id=slm&redirect_uri=
sso.bracu.ac.bd	/realms/bracu/protocol/openid-connect/logout	https://sso.bracu.ac.bd/realms/bracu/protocol/openid-connect/logout
connect.bracu.ac.bd	/student/profile/overview	https://connect.bracu.ac.bd/student/profile/overview
sso.bracu.ac.bd	/realms/bracu/protocol/openid-connect/token	https://sso.bracu.ac.bd/realms/bracu/protocol/openid-connect/token
api.flutter.dev	/flutter/material/Scaffold/of.html	https://api.flutter.dev/flutter/material/Scaffold/of.html
connect.bracu.ac.bd	/api	https://connect.bracu.ac.bd/api

Showing 1 to 10 of 80 rows

Rows per page:

Gain full insight into all external connections.

Upgrade for full visibility.


120.0.0.0	IPv4	-
172.16.0.111	IPv4	-

Version	Size	Is Malicious	Findings	Permhash
1.6.6.15061 Latest	14.25 MB	Malicious	1	5d6e38b8cd1c20999cc1a4fa72c9dc9bfbd2bfc42eec8c4cf357dc9703187e07
1.6.6.15060	14.21 MB	Benign	—	5d6e38b8cd1c20999cc1a4fa72c9dc9bfbd2bfc42eec8c4cf357dc9703187e07
1.6.5.15056	14.21 MB	Benign	—	5d6e38b8cd1c20999cc1a4fa72c9dc9bfbd2bfc42eec8c4cf357dc9703187e07
1.6.5.15050	14.22 MB	Benign	—	5d6e38b8cd1c20999cc1a4fa72c9dc9bfbd2bfc42eec8c4cf357dc9703187e07
1.6.5.15038	14.22 MB	Benign	—	5d6e38b8cd1c20999cc1a4fa72c9dc9bfbd2bfc42eec8c4cf357dc9703187e07
1.6.5.15036	14.21 MB	Benign	—	5d6e38b8cd1c20999cc1a4fa72c9dc9bfbd2bfc42eec8c4cf357dc9703187e07
1.6.5.15027	12.79 MB	Benign	—	5d6e38b8cd1c20999cc1a4fa72c9dc9bfbd2bfc42eec8c4cf357dc9703187e07
1.6.4.202605026	12.67 MB	Benign	—	fdfcfed2e5118e19d589467666718cfc7d66adfe4a48d8f516129ce1ecc4020b
1.6.1	12.41 MB	Benign	—	fdfcfed2e5118e19d589467666718cfc7d66adfe4a48d8f516129ce1ecc4020b
1.6.0	12.35 MB	Benign	—	d35e9f7c67c66b578184d7c0680501a14961427d3bf41d78b1e5deb7b9f4f9f7

Showing 1 to 10 of 10 rows

Rows per page:

Code Diff

Compare extension code between any two versions.

0 changed files (scanned top 25 shared text files)

No comparable text files found between these versions.

Browse and explore files within this extension package

Gain full insight into all external connections.

Upgrade for full visibility.

Security Warning: High Security Risk

PreConnect

Supported Languages

Extension Info & Metadata

Publisher Contextual Analysis

Chrome Web Store Metadata

Screenshots & Videos

About this extension

Analytics & Metrics

User Growth

Rating Count

Average Rating

Static Code Security Analysis

Manifest File Security Analysis

Code Analysis

Code Review Findings Summary Across 10 Versions1

Versions scanned

Files with findings

Extracted Indicators (URLs and IPs)

URLs

Contextual Analysis

Version History

Version-to-Version Code Diff

Code Diff

Extension Files

User Growth

Rating Count

Average Rating

Security Warning: High Security Risk

PreConnect

Supported Languages

Extension Info & Metadata

Publisher Contextual Analysis

Chrome Web Store Metadata

Screenshots & Videos

About this extension

Analytics & Metrics

User Growth

Rating Count

Average Rating

Static Code Security Analysis

Manifest File Security Analysis

Code Analysis

Otherhighmanifest.json

Code Review Findings Summary Across 10 Versions1

Versions scanned

Files with findings

Extracted Indicators (URLs and IPs)

URLs

Contextual Analysis

Version History

Version-to-Version Code Diff

Code Diff

Extension Files

User Growth

Rating Count

Average Rating