Global risk score and grading system
The global risk score is calculated as a weighted average of 7 main domains:
| Domain | Weight | Description |
|---|---|---|
| Permissions | 30% | Permissions requested by the extension (low, medium, high, critical) |
| Vulnerabilities | 20% | Vulnerabilities detected in JavaScript libraries |
| Domains & URLs | 15% | Connections to malicious or suspicious domains |
| Tracking | 15% | User tracking behaviors |
| Cross-Origin | 10% | Cross-origin security policies |
| Documentation | 5% | Documentation quality (homepage, email, privacy policy, etc.) |
| Obfuscation | 5% | Obfuscated or minified code |
Base Formula
Global Score = (Permissions × 0.30) + (Vulnerabilities × 0.20) + (Domains × 0.15) +
(Tracking × 0.15) + (Cross-Origin × 0.10) + (Documentation × 0.05) +
(Obfuscation × 0.05) + Permission Combinations Bonus
Permission Combinations Bonus
- +5 points if the extension contains low-risk permission combinations
- +10 points if the extension contains medium-risk permission combinations
- +15 points if the extension contains high-risk permission combinations
- +20 points if the extension contains critical-risk permission combinations
Score Ranges and Grades
| Grade | Score Range | Description |
|---|---|---|
| A+ | 0-20 | Excellent risk profile |
| A | 21-50 | Very good risk profile |
| B | 51-80 | Good risk profile |
| C | 81-130 | Moderate risk profile |
| D | 131-180 | Concerning risk profile |
| E | 181-230 | High risk profile |
| F | >230 | Critical risk profile |
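The calculation above as an added example (not the project's own code). The weights, bonus values and grade bands come from the tables; the key names and sample sub-scores are constructed. It assumes that only the highest-risk combination tier counts toward the bonus and that fractional scores are rounded before grading, neither of which the page specifies.

```python
# Added example: weights, bonus tiers and grade bands are copied from the tables above.
WEIGHTS = {
    "permissions": 0.30,
    "vulnerabilities": 0.20,
    "domains": 0.15,
    "tracking": 0.15,
    "cross_origin": 0.10,
    "documentation": 0.05,
    "obfuscation": 0.05,
}
COMBO_BONUS = {"low": 5, "medium": 10, "high": 15, "critical": 20}
# (upper bound, grade); any score above 230 is graded F.
GRADE_BANDS = [(20, "A+"), (50, "A"), (80, "B"), (130, "C"), (180, "D"), (230, "E")]


def global_score(domain_scores, combo_levels=()):
    """Weighted sum of the 7 domain scores plus the permission-combination bonus."""
    missing = WEIGHTS.keys() - domain_scores.keys()
    extra = domain_scores.keys() - WEIGHTS.keys()
    if missing or extra:
        raise ValueError(f"missing={sorted(missing)} unexpected={sorted(extra)}")
    if any(s < 0 for s in domain_scores.values()):
        raise ValueError("domain scores must be non-negative")
    weighted = sum(domain_scores[d] * w for d, w in WEIGHTS.items())
    # Assumption: only the highest-risk combination tier found contributes.
    bonus = max((COMBO_BONUS[level] for level in combo_levels), default=0)
    return weighted + bonus


def grade(score):
    # Assumption: round to the nearest integer so 20.4 lands in 0-20, not in a gap.
    points = round(score)
    for upper, letter in GRADE_BANDS:
        if points <= upper:
            return letter
    return "F"


if __name__ == "__main__":
    # Constructed sample sub-scores; their scale is an assumption (the page does not state it).
    sample = {"permissions": 120, "vulnerabilities": 40, "domains": 0, "tracking": 60,
              "cross_origin": 20, "documentation": 20, "obfuscation": 100}
    for combos in ([], ["low", "high"], ["critical"]):
        s = global_score(sample, combos)
        print(combos, round(s, 2), grade(s))
```

With these sample values the weighted sum alone is 61 (grade B); a critical-risk permission combination adds 20 and moves the extension to grade C.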