Risk score per domain

Detailed breakdown of all 7 scoring domains used in the risk evaluation

1. Permissions Score (25%)

Permissions are classified by risk level with specific point values:

Risk Level	Penalty Points
LOW	5
MEDIUM	10
HIGH	15

Calculation Formula

Permissions Score = Σ(Points per permission according to its level)

Examples

Extension with 3 LOW permissions: 3 × 5 = 15 points
Extension with 2 MEDIUM + 1 HIGH: (2 × 10) + (1 × 15) = 35 points

Permission Risk Classification

Permission	Risk Level
debugger	HIGH
experimental	HIGH
privacy	HIGH
proxy	HIGH
cookies	HIGH
webRequest	HIGH
webRequestBlocking	HIGH
declarativeWebRequest	HIGH
desktopCapture	HIGH
tabCapture	HIGH
clipboardRead	HIGH
vpnProvider	HIGH
history	HIGH
scripting	HIGH
<all_urls>	HIGH
file:///	HIGH
:///*	HIGH
nativeMessaging	MEDIUM
displaySource	MEDIUM
webRequestAuthProvider	MEDIUM
tabs	MEDIUM
tabGroups	MEDIUM
clipboardWrite	MEDIUM
contentSettings	MEDIUM
declarativeNetRequest	MEDIUM
declarativeNetRequestFeedback	MEDIUM
declarativeNetRequestWithHostAccess	MEDIUM
bookmarks	MEDIUM
downloads	MEDIUM
downloads.open	MEDIUM
downloads.ui	MEDIUM
geolocation	MEDIUM
identity	MEDIUM
management	MEDIUM
webNavigation	MEDIUM
dns	MEDIUM
pageCapture	MEDIUM
processes	MEDIUM
http:///	MEDIUM
https:///	MEDIUM
accessibilityFeatures.modify	LOW
accessibilityFeatures.read	LOW
activeTab	LOW
alarms	LOW
audio	LOW
background	LOW
browsingData	LOW
certificateProvider	LOW
contextMenus	LOW
declarativeContent	LOW
documentScan	LOW
enterprise.deviceAttributes	LOW
enterprise.hardwarePlatform	LOW
enterprise.networkingAttributes	LOW
enterprise.platformKeys	LOW
favicon	LOW
fileBrowserHandler	LOW
fileSystemProvider	LOW
fontSettings	LOW
gcm	LOW
idle	LOW
identity.email	LOW
loginState	LOW
notifications	LOW
offscreen	LOW
platformKeys	LOW
power	LOW
printerProvider	LOW
printing	LOW
printingMetrics	LOW
readingList	LOW
runtime	LOW
search	LOW
sessions	LOW
sidePanel	LOW
storage	LOW
system.cpu	LOW
system.display	LOW
system.memory	LOW
system.storage	LOW
topSites	LOW
tts	LOW
ttsEngine	LOW
unlimitedStorage	LOW
wallpaper	LOW
webAuthenticationProxy	LOW
://.{domain}/*	LOW

2. Vulnerabilities Score (25%)

Vulnerabilities are detected in third-party JavaScript libraries and scored according to their severity:

Severity	Points per Vulnerability
Critical	100 points
High	75 points
Medium	50 points
Low	25 points

Calculation Formula

Vulnerabilities Score = (Critical × 100) + (High × 75) + (Medium × 50) + (Low × 25)

Example

Extension with 1 Critical + 2 Medium vulnerabilities:

(1 × 100) + (2 × 50) = 200 points

3. Tracking Score (15%)

The system detects 10 types of tracking behaviors:

Browser Fingerprinting - Browser fingerprinting techniques
Navigation Tracking - Navigation behavior monitoring
Input Monitoring - User input surveillance
History Collection - Browsing history collection
Cookie Tracking - Cookie-based tracking
Analytics - Analytics services
Behavior Tracking - User behavior tracking
Cross-Site Tracking - Cross-site tracking
Location Tracking - Geographic location tracking
Social Tracking - Social media tracking

Score Calculation

Risk Level	Points per Behavior
High	1.0 point
Medium	0.5 point
Low	0.1 point

Calculation Formula

Tracking Score = (High × 1.0) + (Medium × 0.5) + (Low × 0.1)

Example

Extension with 5 High + 3 Medium behaviors:

(5 × 1.0) + (3 × 0.5) = 6.5 points

4. Documentation Score (5%)

The system checks for the presence of 3 documentation elements:

Missing Element	Penalty Points
Homepage URL	5 points
Developer Email	5 points
Privacy Policy	5 points

Calculation Formula

Documentation Score = (Missing elements × 5) × 6.67

The 6.67 factor normalizes the score to an appropriate scale.

Examples

Complete extension (0 missing): 0 × 5 × 6.67 = 0 points
Extension without email or privacy policy: 2 × 5 × 6.67 = 67 points
Extension with all missing: 3 × 5 × 6.67 = 100 points

5. Domains & URLs Score (15%)

The system analyzes URLs and domains found in the extension and checks them against a dynamic malicious domain database.

Detection Type	Penalty Points
Malicious Domain Found	100

Scoring Method

Suspicious Domains Score = Number of Malicious Domains × 100

Examples:

1 malicious domain detected: 100 points
3 malicious domains detected: 300 points
10 malicious domains detected: 1,000 points
No maximum limit

6. Cross-Origin Score (10%)

The system analyzes the security policies found in the manifest.

Content Security Policy (CSP)

Risk Level	Condition	Penalty Points
LOW	No dangerous directives detected	0
MEDIUM	Presence of dangerous directives with 'self' restriction	25
HIGH	Presence of dangerous directives without 'self' restriction	50

Cross-Origin Embedder Policy (COEP)

Risk Level	Condition	Penalty Points
LOW	No dangerous directives detected	0
MEDIUM	Value different from "require-corp"	10
HIGH	No COEP policy defined	25

Cross-Origin Opener Policy (COOP)

Risk Level	Condition	Penalty Points
LOW	No dangerous directives detected	0
MEDIUM	Value different from "same-origin"	10
HIGH	No COOP policy defined	25

7. Obfuscation Score (5%)

The system detects several obfuscation techniques:

Detected Techniques

Technique	Base Points
eval() usage	25 points
Base64 encoding	20 points
High entropy strings	20 points
Hex encoding	15 points
Unicode escape	15 points
String concatenation	10 points
Minification	5 points
Suspicious patterns	15 points

Calculation per File

For each obfuscated file:

File Score = Σ(Technique points × log(occurrences + 1))

Final Obfuscation Score

Obfuscation Score = Average of obfuscated files scores

Risk score per domain

Detailed breakdown of all 7 scoring domains used in the risk evaluation

1. Permissions Score (25%)

Permissions are classified by risk level with specific point values:

Risk Level	Penalty Points
LOW	5
MEDIUM	10
HIGH	15

Calculation Formula

Permissions Score = Σ(Points per permission according to its level)

Examples

Extension with 3 LOW permissions: 3 × 5 = 15 points
Extension with 2 MEDIUM + 1 HIGH: (2 × 10) + (1 × 15) = 35 points

Permission Risk Classification

Permission	Risk Level
debugger	HIGH
experimental	HIGH
privacy	HIGH
proxy	HIGH
cookies	HIGH
webRequest	HIGH
webRequestBlocking	HIGH
declarativeWebRequest	HIGH
desktopCapture	HIGH
tabCapture	HIGH
clipboardRead	HIGH
vpnProvider	HIGH
history	HIGH
scripting	HIGH
<all_urls>	HIGH
file:///	HIGH
:///*	HIGH
nativeMessaging	MEDIUM
displaySource	MEDIUM
webRequestAuthProvider	MEDIUM
tabs	MEDIUM
tabGroups	MEDIUM
clipboardWrite	MEDIUM
contentSettings	MEDIUM
declarativeNetRequest	MEDIUM
declarativeNetRequestFeedback	MEDIUM
declarativeNetRequestWithHostAccess	MEDIUM
bookmarks	MEDIUM
downloads	MEDIUM
downloads.open	MEDIUM
downloads.ui	MEDIUM
geolocation	MEDIUM
identity	MEDIUM
management	MEDIUM
webNavigation	MEDIUM
dns	MEDIUM
pageCapture	MEDIUM
processes	MEDIUM
http:///	MEDIUM
https:///	MEDIUM
accessibilityFeatures.modify	LOW
accessibilityFeatures.read	LOW
activeTab	LOW
alarms	LOW
audio	LOW
background	LOW
browsingData	LOW
certificateProvider	LOW
contextMenus	LOW
declarativeContent	LOW
documentScan	LOW
enterprise.deviceAttributes	LOW
enterprise.hardwarePlatform	LOW
enterprise.networkingAttributes	LOW
enterprise.platformKeys	LOW
favicon	LOW
fileBrowserHandler	LOW
fileSystemProvider	LOW
fontSettings	LOW
gcm	LOW
idle	LOW
identity.email	LOW
loginState	LOW
notifications	LOW
offscreen	LOW
platformKeys	LOW
power	LOW
printerProvider	LOW
printing	LOW
printingMetrics	LOW
readingList	LOW
runtime	LOW
search	LOW
sessions	LOW
sidePanel	LOW
storage	LOW
system.cpu	LOW
system.display	LOW
system.memory	LOW
system.storage	LOW
topSites	LOW
tts	LOW
ttsEngine	LOW
unlimitedStorage	LOW
wallpaper	LOW
webAuthenticationProxy	LOW
://.{domain}/*	LOW

2. Vulnerabilities Score (25%)

Vulnerabilities are detected in third-party JavaScript libraries and scored according to their severity:

Severity	Points per Vulnerability
Critical	100 points
High	75 points
Medium	50 points
Low	25 points

Calculation Formula

Vulnerabilities Score = (Critical × 100) + (High × 75) + (Medium × 50) + (Low × 25)

Example

Extension with 1 Critical + 2 Medium vulnerabilities:

(1 × 100) + (2 × 50) = 200 points

3. Tracking Score (15%)

The system detects 10 types of tracking behaviors:

Browser Fingerprinting - Browser fingerprinting techniques
Navigation Tracking - Navigation behavior monitoring
Input Monitoring - User input surveillance
History Collection - Browsing history collection
Cookie Tracking - Cookie-based tracking
Analytics - Analytics services
Behavior Tracking - User behavior tracking
Cross-Site Tracking - Cross-site tracking
Location Tracking - Geographic location tracking
Social Tracking - Social media tracking

Score Calculation

Risk Level	Points per Behavior
High	1.0 point
Medium	0.5 point
Low	0.1 point

Calculation Formula

Tracking Score = (High × 1.0) + (Medium × 0.5) + (Low × 0.1)

Example

Extension with 5 High + 3 Medium behaviors:

(5 × 1.0) + (3 × 0.5) = 6.5 points

4. Documentation Score (5%)

The system checks for the presence of 3 documentation elements:

Missing Element	Penalty Points
Homepage URL	5 points
Developer Email	5 points
Privacy Policy	5 points

Calculation Formula

Documentation Score = (Missing elements × 5) × 6.67

The 6.67 factor normalizes the score to an appropriate scale.

Examples

Complete extension (0 missing): 0 × 5 × 6.67 = 0 points
Extension without email or privacy policy: 2 × 5 × 6.67 = 67 points
Extension with all missing: 3 × 5 × 6.67 = 100 points

5. Domains & URLs Score (15%)

The system analyzes URLs and domains found in the extension and checks them against a dynamic malicious domain database.

Detection Type	Penalty Points
Malicious Domain Found	100

Scoring Method

Suspicious Domains Score = Number of Malicious Domains × 100

Examples:

1 malicious domain detected: 100 points
3 malicious domains detected: 300 points
10 malicious domains detected: 1,000 points
No maximum limit

6. Cross-Origin Score (10%)

The system analyzes the security policies found in the manifest.

Content Security Policy (CSP)

Risk Level	Condition	Penalty Points
LOW	No dangerous directives detected	0
MEDIUM	Presence of dangerous directives with 'self' restriction	25
HIGH	Presence of dangerous directives without 'self' restriction	50

Cross-Origin Embedder Policy (COEP)

Risk Level	Condition	Penalty Points
LOW	No dangerous directives detected	0
MEDIUM	Value different from "require-corp"	10
HIGH	No COEP policy defined	25

Cross-Origin Opener Policy (COOP)

Risk Level	Condition	Penalty Points
LOW	No dangerous directives detected	0
MEDIUM	Value different from "same-origin"	10
HIGH	No COOP policy defined	25

7. Obfuscation Score (5%)

The system detects several obfuscation techniques:

Detected Techniques

Technique	Base Points
eval() usage	25 points
Base64 encoding	20 points
High entropy strings	20 points
Hex encoding	15 points
Unicode escape	15 points
String concatenation	10 points
Minification	5 points
Suspicious patterns	15 points

Calculation per File

For each obfuscated file:

File Score = Σ(Technique points × log(occurrences + 1))

Final Obfuscation Score

Obfuscation Score = Average of obfuscated files scores