From ae2e7322545f3eda7086085e6f5e4d58f11863cc Mon Sep 17 00:00:00 2001
From: Stanzin
Date: Tue, 21 Apr 2026 23:07:34 -0500
Subject: [PATCH] Reposition ExtensionShield SEO content
---
 .github/workflows/seo-test.yml | 3 +-
 .gitignore | 1 +
 frontend/.nvmrc | 3 +-
 frontend/package-lock.json | 4 +-
 frontend/package.json | 4 +-
 frontend/public/sitemap.xml | 214 +++++++--
 frontend/src/App.jsx | 1 +
 .../components/home/DevOpenCoreSection.jsx | 9 +-
 .../home/HowWeProtectYouSection.jsx | 6 +-
 frontend/src/data/blogPosts.js | 441 ++++++++++++++++--
 frontend/src/nav/navigation.js | 28 +-
 frontend/src/pages/EnterprisePage.jsx | 9 +-
 frontend/src/pages/HomePage.jsx | 45 +-
 frontend/src/pages/blog/BlogIndexPage.jsx | 8 +-
 .../pages/compare/CompareCrxcavatorPage.jsx | 2 +-
 .../pages/compare/CompareCrxplorerPage.jsx | 2 +-
 .../compare/CompareExtensionAuditorPage.jsx | 2 +-
 .../src/pages/compare/CompareIndexPage.jsx | 11 +-
 .../src/pages/compare/CompareSpinAiPage.jsx | 75 +++
 .../BrowserExtensionRiskAssessmentPage.jsx | 1 +
 .../ChromeExtensionSecurityScannerPage.jsx | 9 +-
 .../landing/CrxcavatorAlternativePage.jsx | 2 +-
 .../pages/landing/ExtensionGovernancePage.jsx | 84 ++++
 .../pages/landing/ExtensionPermissionsPage.jsx | 101 ++++
 .../pages/landing/ExtensionRiskScorePage.jsx | 87 ++++
 .../pages/landing/ExtensionSecurityPage.jsx | 106 +++++
 .../src/pages/reports/ReportDetailPage.jsx | 2 +-
 .../src/pages/research/MethodologyPage.jsx | 13 +-
 frontend/src/routes/routes.jsx | 309 +++++++++++-
 29 files changed, 1409 insertions(+), 173 deletions(-)
 create mode 100644 frontend/src/pages/compare/CompareSpinAiPage.jsx
 create mode 100644 frontend/src/pages/landing/ExtensionGovernancePage.jsx
 create mode 100644 frontend/src/pages/landing/ExtensionPermissionsPage.jsx
 create mode 100644 frontend/src/pages/landing/ExtensionRiskScorePage.jsx
 create mode 100644 frontend/src/pages/landing/ExtensionSecurityPage.jsx
diff --git a/.github/workflows/seo-test.yml b/.github/workflows/seo-test.yml
index 069657f0..1a0629b7 100644
--- a/.github/workflows/seo-test.yml
+++ b/.github/workflows/seo-test.yml
@@ -24,7 +24,7 @@ jobs:
 - name: Setup Node.js
 uses: actions/setup-node@v4
 with:
- node-version: '18'
+ node-version: '20'
 cache: 'npm'
 cache-dependency-path: frontend/package-lock.json
@@ -72,4 +72,3 @@ jobs:
 repo: context.repo.repo,
 body: body
 });
-
diff --git a/.gitignore b/.gitignore
index ae115862..758194c3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -150,6 +150,7 @@ celerybeat.pid
 .env.local
 .env.*.local
 .venv
+env
 env/
 venv/
 ENV/
diff --git a/frontend/.nvmrc b/frontend/.nvmrc
index 35f49783..5bd68117 100644
--- a/frontend/.nvmrc
+++ b/frontend/.nvmrc
@@ -1,2 +1 @@
-20
-
+20.19.0
diff --git a/frontend/package-lock.json b/frontend/package-lock.json
index 77a4698d..80d0eb3f 100644
--- a/frontend/package-lock.json
+++ b/frontend/package-lock.json
@@ -49,11 +49,11 @@
 "tailwind-merge": "^3.4.0",
 "tailwindcss": "^4.1.18",
 "tailwindcss-animate": "^1.0.7",
- "vite": "^7.3.2",
+ "vite": "7.3.2",
 "vitest": "^3.2.4"
 },
 "engines": {
- "node": ">=18.0.0"
+ "node": ">=20.19.0"
 }
 },
 "node_modules/@adobe/css-tools": {
diff --git a/frontend/package.json b/frontend/package.json
index cf464932..15f026b7 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -6,7 +6,7 @@
 "author": "Stanzin",
 "license": "MIT",
 "engines": {
- "node": ">=18.0.0"
+ "node": ">=20.19.0"
 },
 "scripts": {
 "dev": "vite",
@@ -72,7 +72,7 @@
 "tailwind-merge": "^3.4.0",
 "tailwindcss": "^4.1.18",
 "tailwindcss-animate": "^1.0.7",
- "vite": "^7.3.2",
+ "vite": "7.3.2",
 "vitest": "^3.2.4"
 },
 "overrides": {
diff --git a/frontend/public/sitemap.xml b/frontend/public/sitemap.xml
index 24f809dc..c225e4d5 100644
--- a/frontend/public/sitemap.xml
+++ b/frontend/public/sitemap.xml
@@ -2,211 +2,349 @@ https://extensionshield.com/ - 2026-04-04T07:06:16.970Z + 2026-04-22T04:05:55.360Z weekly 1.0 https://extensionshield.com/about - 2026-04-04T07:06:16.970Z + 2026-04-22T04:05:55.360Z monthly 0.7 https://extensionshield.com/blog - 2026-04-04T07:06:16.970Z + 2026-04-22T04:05:55.360Z weekly 0.8 - https://extensionshield.com/blog/enterprise-browser-extension-risk-management - 2026-04-04T07:06:16.970Z + https://extensionshield.com/blog/all-urls-chrome-extension-permission + 2026-04-22T04:05:55.360Z monthly 0.6 - https://extensionshield.com/blog/how-to-audit-chrome-extension-before-installing - 2026-04-04T07:06:16.970Z + https://extensionshield.com/blog/audit-crx-zip-before-release + 2026-04-22T04:05:55.360Z monthly 0.6 - https://extensionshield.com/blog/how-to-detect-malicious-chrome-extensions - 2026-04-04T07:06:16.970Z + https://extensionshield.com/blog/best-chrome-extension-security-scanner-tools-2026 + 2026-04-22T04:05:55.360Z + monthly + 0.6 + + + https://extensionshield.com/blog/browser-extension-compliance-checklist + 2026-04-22T04:05:55.360Z + monthly + 0.6 + + + https://extensionshield.com/blog/browser-extension-supply-chain-attacks + 2026-04-22T04:05:55.360Z + monthly + 0.6 + + + https://extensionshield.com/blog/can-chrome-extensions-steal-cookies-sessions + 2026-04-22T04:05:55.360Z + monthly + 0.6 + + + https://extensionshield.com/blog/can-chrome-extensions-steal-data + 2026-04-22T04:05:55.360Z + monthly + 0.6 + + + https://extensionshield.com/blog/chrome-extension-allowlist-policy + 2026-04-22T04:05:55.360Z + monthly + 0.6 + + + https://extensionshield.com/blog/chrome-extension-scanner-vs-governance-platform + 2026-04-22T04:05:55.360Z + monthly + 0.6 + + + https://extensionshield.com/blog/chrome-web-store-ratings-do-not-prove-extension-safety + 2026-04-22T04:05:55.360Z + monthly + 0.6 + + + https://extensionshield.com/blog/crxcavator-vs-extensionshield-2026 + 2026-04-22T04:05:55.360Z + monthly + 0.6 + + + 
https://extensionshield.com/blog/crxplorer-vs-extensionshield + 2026-04-22T04:05:55.360Z + monthly + 0.6 + + + https://extensionshield.com/blog/dangerous-chrome-extension-permissions + 2026-04-22T04:05:55.360Z + monthly + 0.6 + + + https://extensionshield.com/blog/extension-auditor-vs-extensionshield + 2026-04-22T04:05:55.360Z + monthly + 0.6 + + + https://extensionshield.com/blog/extension-security-scoring-explained + 2026-04-22T04:05:55.360Z + monthly + 0.6 + + + https://extensionshield.com/blog/how-hackers-use-browser-extensions-to-steal-data + 2026-04-22T04:05:55.360Z + monthly + 0.6 + + + https://extensionshield.com/blog/how-to-check-if-chrome-extension-is-safe + 2026-04-22T04:05:55.360Z + monthly + 0.6 + + + https://extensionshield.com/blog/manifest-v3-extension-security + 2026-04-22T04:05:55.360Z + monthly + 0.6 + + + https://extensionshield.com/blog/read-and-change-all-your-data-extension-permission + 2026-04-22T04:05:55.360Z + monthly + 0.6 + + + https://extensionshield.com/blog/spin-ai-vs-extensionshield + 2026-04-22T04:05:55.360Z + monthly + 0.6 + + + https://extensionshield.com/blog/top-risky-chrome-extensions-2026 + 2026-04-22T04:05:55.360Z monthly 0.6 https://extensionshield.com/browser-extension-risk-assessment - 2026-04-04T07:06:16.970Z + 2026-04-22T04:05:55.360Z monthly 0.8 https://extensionshield.com/careers - 2026-04-04T07:06:16.970Z + 2026-04-22T04:05:55.360Z monthly 0.8 https://extensionshield.com/careers/apply - 2026-04-04T07:06:16.970Z + 2026-04-22T04:05:55.360Z monthly 0.6 https://extensionshield.com/chrome-extension-permissions - 2026-04-04T07:06:16.970Z + 2026-04-22T04:05:55.360Z monthly 0.8 https://extensionshield.com/chrome-extension-security-scanner - 2026-04-04T07:06:16.970Z + 2026-04-22T04:05:55.360Z monthly 0.8 https://extensionshield.com/community - 2026-04-04T07:06:16.970Z + 2026-04-22T04:05:55.360Z monthly 0.7 https://extensionshield.com/compare - 2026-04-04T07:06:16.970Z + 2026-04-22T04:05:55.360Z monthly 0.8 
https://extensionshield.com/compare/crxcavator - 2026-04-04T07:06:16.970Z + 2026-04-22T04:05:55.360Z monthly 0.7 https://extensionshield.com/compare/crxplorer - 2026-04-04T07:06:16.970Z + 2026-04-22T04:05:55.360Z monthly 0.7 https://extensionshield.com/compare/extension-auditor - 2026-04-04T07:06:16.970Z + 2026-04-22T04:05:55.360Z + monthly + 0.7 + + + https://extensionshield.com/compare/spin-ai + 2026-04-22T04:05:55.360Z monthly 0.7 https://extensionshield.com/contribute - 2026-04-04T07:06:16.970Z + 2026-04-22T04:05:55.360Z monthly 0.6 https://extensionshield.com/crxcavator-alternative - 2026-04-04T07:06:16.970Z + 2026-04-22T04:05:55.360Z monthly 0.8 https://extensionshield.com/enterprise - 2026-04-04T07:06:16.970Z + 2026-04-22T04:05:55.360Z monthly 0.8 + + https://extensionshield.com/extension-governance + 2026-04-22T04:05:55.360Z + monthly + 0.9 + + + https://extensionshield.com/extension-permissions + 2026-04-22T04:05:55.360Z + monthly + 0.8 + + + https://extensionshield.com/extension-risk-score + 2026-04-22T04:05:55.360Z + monthly + 0.8 + + + https://extensionshield.com/extension-security + 2026-04-22T04:05:55.360Z + monthly + 0.9 + https://extensionshield.com/glossary - 2026-04-04T07:06:16.970Z + 2026-04-22T04:05:55.360Z monthly 0.7 https://extensionshield.com/gsoc/ideas - 2026-04-04T07:06:16.970Z + 2026-04-22T04:05:55.360Z monthly 0.7 https://extensionshield.com/is-this-chrome-extension-safe - 2026-04-04T07:06:16.970Z + 2026-04-22T04:05:55.360Z monthly 0.9 https://extensionshield.com/open-source - 2026-04-04T07:06:16.970Z + 2026-04-22T04:05:55.360Z monthly 0.7 https://extensionshield.com/open-source/programs - 2026-04-04T07:06:16.970Z + 2026-04-22T04:05:55.360Z monthly 0.7 https://extensionshield.com/privacy-policy - 2026-04-04T07:06:16.970Z + 2026-04-22T04:05:55.360Z monthly 0.5 https://extensionshield.com/research - 2026-04-04T07:06:16.970Z + 2026-04-22T04:05:55.360Z weekly 0.8 https://extensionshield.com/research/benchmarks - 2026-04-04T07:06:16.970Z + 
2026-04-22T04:05:55.360Z monthly 0.7 https://extensionshield.com/research/case-studies - 2026-04-04T07:06:16.970Z + 2026-04-22T04:05:55.360Z weekly 0.8 https://extensionshield.com/research/case-studies/fake-ad-blockers - 2026-04-04T07:06:16.970Z + 2026-04-22T04:05:55.360Z monthly 0.7 https://extensionshield.com/research/case-studies/honey - 2026-04-04T07:06:16.970Z + 2026-04-22T04:05:55.360Z monthly 0.7 https://extensionshield.com/research/case-studies/pdf-converters - 2026-04-04T07:06:16.970Z + 2026-04-22T04:05:55.360Z monthly 0.7 https://extensionshield.com/research/methodology - 2026-04-04T07:06:16.970Z + 2026-04-22T04:05:55.360Z monthly 0.7 https://extensionshield.com/scan - 2026-04-04T07:06:16.970Z + 2026-04-22T04:05:55.360Z weekly 0.9 https://extensionshield.com/scan/history - 2026-04-04T07:06:16.970Z + 2026-04-22T04:05:55.360Z weekly 0.7 https://extensionshield.com/scan/upload - 2026-04-04T07:06:16.970Z + 2026-04-22T04:05:55.360Z weekly 0.8
diff --git a/frontend/src/App.jsx b/frontend/src/App.jsx
index 45b75a40..cca53c8b 100644
--- a/frontend/src/App.jsx
+++ b/frontend/src/App.jsx
@@ -518,6 +518,7 @@ function getRouteSegment(pathname) {
 if (pathname === "/") return "home";
 if (pathname.startsWith("/scan")) return "scan";
 if (pathname.startsWith("/research")) return "research";
+ if (pathname.startsWith("/extension-")) return "resources";
 if (pathname.startsWith("/open-source") || pathname.startsWith("/contribute") || pathname.startsWith("/glossary") || pathname.startsWith("/gsoc") || pathname.startsWith("/community") || pathname.startsWith("/about") || pathname.startsWith("/blog") || pathname.startsWith("/compare")) return "resources";
 return "default";
 }
diff --git a/frontend/src/components/home/DevOpenCoreSection.jsx b/frontend/src/components/home/DevOpenCoreSection.jsx
index 7695b53d..2ad9392f 100644
--- a/frontend/src/components/home/DevOpenCoreSection.jsx
+++ b/frontend/src/components/home/DevOpenCoreSection.jsx
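Review bot: The new `pathname.startsWith("/extension-")` test in `getRouteSegment` (frontend/src/App.jsx) is a bare prefix match, so it covers any future `/extension-…` path as well as the four landing routes this commit adds to the sitemap, and it duplicates the `return "resources"` of the `||` chain directly below it. The older landing pages listed in the same sitemap (for example `/chrome-extension-permissions`) still fall through to `"default"`, which looks inconsistent; presumably that is intended, but it is worth confirming against whatever consumes the segment. I would keep one list and one branch: `const RESOURCE_PREFIXES = ["/extension-governance", "/extension-permissions", "/extension-risk-score", "/extension-security", /* existing prefixes */];` then `if (RESOURCE_PREFIXES.some((p) => pathname.startsWith(p))) return "resources";`. The function's signature appears only in the hunk header, so its callers are not visible here.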
@@ -8,10 +8,11 @@ import SecurityPipeline from "./SecurityPipeline";
 import "./DevOpenCoreSection.scss";
 const PILLS = [
+ "Open-source core",
 "VirusTotal",
 "SAST",
- "Rulepacks",
 "Evidence attached",
+ "Governance rulepacks",
 ];
 export default function DevOpenCoreSection({ reducedMotion = false }) {
@@ -35,11 +36,11 @@ export default function DevOpenCoreSection({ reducedMotion = false }) {
 transition={{ duration: 0.35, ease: [0.22, 1, 0.36, 1] }} >

- Developer Gate: pre-release Chrome extension audit
+ Open-source core. Governance where decisions happen.

-

Private build audit (Pro)

+

Private build audit for developers

- Upload a private CRX/ZIP before release. We flag risky patterns, attach evidence (file + rule), and suggest fixes.
+ Upload a private CRX/ZIP before release. ExtensionShield flags risky code, excessive permissions, privacy gaps, and policy issues with file-level evidence and fix guidance.

{PILLS.map((label) => (
diff --git a/frontend/src/components/home/HowWeProtectYouSection.jsx b/frontend/src/components/home/HowWeProtectYouSection.jsx
index de494184..dd8067f0 100644
--- a/frontend/src/components/home/HowWeProtectYouSection.jsx
+++ b/frontend/src/components/home/HowWeProtectYouSection.jsx
@@ -142,13 +142,13 @@ export default function HowWeProtectYouSection() {
 transition={{ duration: 0.5, ease }} >

- Why a “safe” extension can turn risky
+ Why extension governance has to happen before install

- Most incidents happen after an update. We flag risky changes before release (Pro) and can monitor updates for teams (Enterprise).
+ Extensions can change through updates, ownership shifts, new permissions, and remote behavior. ExtensionShield gives teams evidence before install, before release, and before allowlisting.

- Batch scan every extension on your system and stay secure—no manual entry.
+ Scan, score, allow, block, monitor, or fix with one evidence-backed workflow.

), access to storage or cookies, and optional_host_permissions in Manifest V3. Our chrome extension permissions checker and chrome extension risk score give you a clear picture before you install." + heading: "Risk patterns to watch", + body: "Watch for all-site host access, history or cookie access, clipboard read permissions, excessive downloads or management access, and extensions whose stated purpose does not justify their permissions. A coupon tool, PDF converter, VPN, ad blocker, or productivity extension can be useful and still require careful review." }, { - heading: "Next steps", - body: "Paste any Chrome Web Store URL into ExtensionShield to get a chrome extension risk score, permission breakdown, and audit chrome extension security report in under a minute." + heading: "How ExtensionShield helps", + body: "Paste the Chrome Web Store URL into ExtensionShield to see a Security, Privacy, and Governance risk score before install. Use the report to review evidence instead of guessing from ratings alone." } ] }, { - slug: "how-to-audit-chrome-extension-before-installing", - title: "How to Audit a Chrome Extension Before Installing", - description: "Step-by-step guide to audit a chrome extension before installing: permissions, risk score, and how to check if a Chrome extension is safe using a browser extension security scanner.", - date: "2026-02", + slug: "dangerous-chrome-extension-permissions", + title: "What Permissions Are Dangerous in Chrome Extensions?", + description: "Dangerous Chrome extension permissions explained: all-site access, cookies, history, clipboard, scripting, webRequest, debugger, and risky combinations.", + date: "2026-04", + category: "Permissions", + sections: [ + { + heading: "Most dangerous permissions", + body: "High-risk permissions include all-site access, cookies, history, clipboardRead, debugger, downloads, management, scripting, webRequest, and broad tab access. 
These permissions are not always malicious, but they create a larger blast radius." + }, + { + heading: "Combinations matter", + body: "The most important question is how permissions combine. All-site access plus external network calls can enable data exfiltration. Cookie access plus host permissions can expose sensitive session context. Scripting plus broad host access can modify pages users trust." + }, + { + heading: "What to do before installing", + body: "Check whether the permission matches the feature. Then scan the extension so you can see code, network, and governance signals beyond the permission prompt." + } + ] + }, + { + slug: "can-chrome-extensions-steal-data", + title: "Can Chrome Extensions Steal Data? What Users and Teams Need to Know", + description: "Can Chrome extensions steal data? Learn how extension permissions, page access, cookies, clipboard access, and network calls can expose sensitive information.", + date: "2026-04", category: "Security", sections: [ { - heading: "Before you install", - body: "Auditing a chrome extension before installing reduces the risk of malware, spyware, and privacy violations. Use a browser extension security scanner to get a chrome extension risk score, review requested permissions, and check for known threats. ExtensionShield combines static analysis, VirusTotal, and governance signals so you can check if a Chrome extension is safe." + heading: "Yes, if permissions and behavior allow it", + body: "Chrome extensions can expose data when they have permission to read page content, access cookies or history, inspect tabs, read the clipboard, or send collected data to external servers. The risk depends on both permission scope and code behavior." }, { - heading: "What an audit should cover", - body: "A good audit covers: permission risk, code quality (SAST), obfuscation, external domains and data exfiltration signals, publisher reputation, and compliance with store policies. 
Our extension security analysis tool provides all of this in one report." + heading: "Common data paths", + body: "Sensitive data can appear in page content, form fields, SaaS dashboards, URLs, copied clipboard text, cookies, local storage, and downloaded files. Extensions close to these surfaces need a higher trust bar." }, { - heading: "Try it", - body: "Scan any extension at ExtensionShield for free. You'll get an overall chrome extension risk score plus Security, Privacy, and Governance breakdowns—so you can audit chrome extension security in one place." + heading: "How to reduce risk", + body: "Scan before install, remove unused extensions, limit extension allowlists, and re-check extensions after major updates. ExtensionShield turns these checks into evidence-backed risk assessments." } ] }, { - slug: "enterprise-browser-extension-risk-management", - title: "Enterprise Browser Extension Risk Management", - description: "How to run a browser extension risk management program: allowlist policy, compliance monitoring, shadow IT browser extensions, and chrome enterprise extension security with ExtensionShield.", - date: "2026-02", - category: "Enterprise", + slug: "how-to-check-if-chrome-extension-is-safe", + title: "How to Check if a Chrome Extension Is Safe Before Installing", + description: "A simple checklist to check if a Chrome extension is safe: permissions, publisher, reviews, updates, privacy policy, network behavior, and risk score.", + date: "2026-04", + category: "Guide", + sections: [ + { + heading: "Five-step safety checklist", + body: "Check permissions, publisher identity, recent update history, privacy policy, and whether the feature actually needs the requested access. Then use an extension risk score to review evidence before installation." + }, + { + heading: "Red flags", + body: "Be cautious when a simple extension asks for all-site access, history, cookies, clipboard read, or broad scripting permissions. 
Also watch for vague privacy policies, sudden ownership changes, or updates that add powerful permissions." + }, + { + heading: "Scan before you install", + body: "ExtensionShield provides a pre-install report with Security, Privacy, and Governance evidence so you can decide whether to allow, block, monitor, or find an alternative." + } + ] + }, + { + slug: "chrome-extension-scanner-vs-governance-platform", + title: "Chrome Extension Scanner vs Extension Governance Platform", + description: "A scanner finds extension risk. A governance platform turns extension findings into allow, block, monitor, and audit decisions.", + date: "2026-04", + category: "Governance", + sections: [ + { + heading: "The core difference", + body: "A Chrome extension scanner produces findings. An extension governance platform turns findings into decisions: approve, block, monitor, request a fix, or document an exception." + }, + { + heading: "Why governance matters", + body: "Security teams need repeatable policy decisions, not one-off scores. Governance requires evidence, ownership, update monitoring, risk acceptance, and audit-ready records." + }, + { + heading: "Where ExtensionShield fits", + body: "ExtensionShield keeps the scanner as the entry point, then adds Security, Privacy, and Governance layers so users, developers, and enterprises can act on the evidence." + } + ] + }, + { + slug: "how-hackers-use-browser-extensions-to-steal-data", + title: "How Hackers Use Browser Extensions to Steal Data", + description: "Browser extension attack paths explained: malicious permissions, injected scripts, cookies, clipboard theft, update abuse, and data exfiltration.", + date: "2026-04", + category: "Security", + sections: [ + { + heading: "Typical attack chain", + body: "An attacker gets an extension installed, gains permission to read or modify pages, collects sensitive browser data, then sends it to an external server. 
The extension may begin benignly and add risky behavior later through an update." + }, + { + heading: "Common techniques", + body: "Techniques include script injection, form scraping, cookie access, clipboard reading, affiliate hijacking, ad injection, remote configuration, and permission creep after users already trust the extension." + }, + { + heading: "Detection signals", + body: "Look for broad host permissions, obfuscated code, suspicious domains, external command-and-control patterns, disclosure gaps, and updates that change permission scope." + } + ] + }, + { + slug: "spin-ai-vs-extensionshield", + title: "Spin.ai vs ExtensionShield: Honest Browser Extension Security Comparison", + description: "Compare Spin.ai SpinMonitor and SpinCRX with ExtensionShield for extension risk assessment, governance, open-source trust, and pre-install scanning.", + date: "2026-04", + category: "Comparison", + sections: [ + { + heading: "Where Spin.ai is strong", + body: "Spin.ai is positioned as an enterprise SaaS security platform with browser extension risk assessment inside a broader security posture workflow. That can be valuable for teams already buying centralized SaaS protection." + }, + { + heading: "Where ExtensionShield is different", + body: "ExtensionShield focuses on transparent browser extension security: open-source core, pre-install scans, private CRX/ZIP audits, evidence-linked reports, and governance decisions that can be reviewed before an extension reaches users." + }, + { + heading: "Best-fit summary", + body: "Choose Spin.ai for a broader SaaS security program. Choose ExtensionShield when open-source trust, extension-specific evidence, developer audits, and pre-install governance are the main requirements." 
+ } + ] + }, + { + slug: "crxcavator-vs-extensionshield-2026", + title: "CRXcavator vs ExtensionShield in 2026", + description: "Compare CRXcavator and ExtensionShield for Chrome extension risk scores, transparent methodology, SAST, governance, and pre-install scanning.", + date: "2026-04", + category: "Comparison", + sections: [ + { + heading: "CRXcavator's legacy", + body: "CRXcavator helped popularize extension risk scoring for enterprise review. It is still a common comparison point for teams evaluating Chrome extension security tooling." + }, + { + heading: "ExtensionShield's angle", + body: "ExtensionShield adds open-source trust, modern UX, Security/Privacy/Governance scoring, private build audits, and evidence-first reports that are designed for pre-install and enterprise governance workflows." + }, + { + heading: "What to compare", + body: "Compare methodology visibility, evidence quality, current availability, governance depth, developer workflow support, and whether the tool helps make allow/block decisions." + } + ] + }, + { + slug: "extension-auditor-vs-extensionshield", + title: "Extension Auditor vs ExtensionShield: Which Extension Security Tool Fits?", + description: "Compare Extension Auditor and ExtensionShield for extension security, privacy review, monitoring, governance, open-source trust, and developer audits.", + date: "2026-04", + category: "Comparison", + sections: [ + { + heading: "Where Extension Auditor is strong", + body: "Extension Auditor emphasizes enterprise extension monitoring, inventory, and risk management. It is relevant for teams that want commercial browser extension oversight." + }, + { + heading: "Where ExtensionShield competes", + body: "ExtensionShield differentiates with open-source core positioning, pre-install URL scans, private CRX/ZIP audits, transparent scoring, and evidence-linked Security, Privacy, and Governance reports." 
+ }, + { + heading: "Decision point", + body: "If you want a transparent extension-specific platform that works before install and before release, ExtensionShield is the stronger fit." + } + ] + }, + { + slug: "crxplorer-vs-extensionshield", + title: "CRXplorer vs ExtensionShield: Free Scanner or Governance Platform?", + description: "Compare CRXplorer and ExtensionShield for Chrome extension risk scoring, code review, methodology transparency, and governance workflows.", + date: "2026-04", + category: "Comparison", + sections: [ + { + heading: "Scanner value", + body: "CRXplorer is useful for quick extension risk review. It competes on speed and accessibility for users who want a fast check." + }, + { + heading: "Governance value", + body: "ExtensionShield is designed to go further: transparent risk layers, open-source trust, private build audits, policy evidence, and enterprise allow/block context." + }, + { + heading: "Best-fit summary", + body: "Use a scanner for one-off checks. Use ExtensionShield when the decision must be explainable, repeatable, and tied to governance evidence." + } + ] + }, + { + slug: "chrome-web-store-ratings-do-not-prove-extension-safety", + title: "Why Chrome Web Store Ratings Do Not Prove an Extension Is Safe", + description: "Star ratings and reviews are useful, but they do not prove Chrome extension safety. Learn what ratings miss and what evidence to check instead.", + date: "2026-04", + category: "Security", + sections: [ + { + heading: "Ratings measure user sentiment, not security", + body: "A high rating can mean users like the feature. It does not prove the extension uses minimal permissions, avoids risky data flows, or will remain safe after future updates." + }, + { + heading: "What ratings miss", + body: "Ratings usually miss obfuscated code, suspicious network destinations, permission creep, ownership changes, remote configuration, and policy disclosure gaps." 
+ }, + { + heading: "What to check instead", + body: "Use ratings as one input, then review permissions, code indicators, network access, update behavior, and governance evidence before trusting an extension." + } + ] + }, + { + slug: "read-and-change-all-your-data-extension-permission", + title: "Read and Change All Your Data: Chrome Extension Permission Explained", + description: "What the 'read and change all your data' Chrome extension permission means, why it can be risky, and when it may be justified.", + date: "2026-04", + category: "Permissions", + sections: [ + { + heading: "What it means", + body: "This permission usually means the extension can read and modify content on the websites covered by its host permissions. If the host scope is all sites, the extension can interact with a very broad set of pages." + }, + { + heading: "When it is justified", + body: "Ad blockers, password managers, accessibility tools, translators, and developer tools may need broad page access. The key is whether the access is necessary and whether behavior matches the stated purpose." + }, + { + heading: "How to evaluate it", + body: "Check host scope, network destinations, code behavior, privacy policy, and update history. ExtensionShield shows these signals in one risk report." + } + ] + }, + { + slug: "all-urls-chrome-extension-permission", + title: "What Is all_urls in Chrome Extensions?", + description: "Learn what the all_urls Chrome extension permission means, why all-site access is risky, and how to decide if it is justified.", + date: "2026-04", + category: "Permissions", sections: [ { - heading: "Why enterprises need extension risk management", - body: "Shadow IT browser extensions—installations outside of IT approval—create compliance and security gaps. 
A browser extension risk management program with a clear browser extension allowlist policy and extension permissions audit for employees helps you manage chrome extensions in enterprise and reduce exposure to malicious chrome extension campaigns and browser extension spyware." + heading: "Definition", + body: "The all_urls host pattern gives an extension access across a very broad set of websites. It can be necessary for some products, but it should never be ignored." }, { - heading: "Key components", - body: "Implement browser extension compliance monitoring, define a browser extension allowlist policy, and use a chrome extension risk score tool to evaluate extensions before allowlisting. Zero trust browser extension security means verifying every extension against your policy and re-scanning when extensions update. ExtensionShield Enterprise supports extension governance and audit-ready reporting." + heading: "Why it matters", + body: "All-site access increases blast radius. If code is malicious, compromised, or poorly designed, more websites and more data can be affected." }, { - heading: "Getting started", - body: "Request an Enterprise pilot at ExtensionShield for monitoring, allow/block governance, and extension risk assessment at scale. We help IT and security teams with chrome enterprise extension security and extension permissions audit for employees." + heading: "Review checklist", + body: "Confirm the feature requires all-site access, review privacy disclosures, check external network behavior, and scan the extension before installing or allowing it." } ] }, { - slug: "how-to-detect-malicious-chrome-extensions", - title: "How to Detect Malicious Chrome Extensions", - description: "Signs of malicious chrome extensions, browser extension spyware, and how to detect data exfiltration and extension hijacking. 
Use a chrome extension security scanner to check if an extension is safe.", - date: "2026-02", + slug: "can-chrome-extensions-steal-cookies-sessions", + title: "Can Chrome Extensions Steal Cookies or Sessions?", + description: "Can browser extensions steal cookies or sessions? Learn how cookie permissions, page access, and token exposure can create session risk.", + date: "2026-04", category: "Security", sections: [ { - heading: "Signs of malicious extensions", - body: "Malicious chrome extension campaigns and browser extension spyware often rely on broad permissions, obfuscated code, or extension hijacked via update. Chrome extension data exfiltration signs include requests to external domains you don't recognize, access to cookies or session storage, and permission combinations that allow reading and sending data. Extension session hijacking cookies is a real risk when extensions have cookie or storage access." + heading: "The practical answer", + body: "Extensions can create session risk when they can access cookies, page content, storage, requests, or tokens exposed in the browser. Not every extension can steal sessions, but the wrong permission set can expose sensitive context." + }, + { + heading: "Where session data appears", + body: "Session-related data may appear in cookies, local storage, page scripts, URLs, authorization headers, or copied text. Extensions with broad visibility require careful review." + }, + { + heading: "How teams reduce exposure", + body: "Use allowlists, block unnecessary extensions, scan before approval, and monitor updates that add cookie, host, or scripting access." 
+ } + ] + }, + { + slug: "browser-extension-supply-chain-attacks", + title: "Browser Extension Supply Chain Attacks Explained", + description: "Browser extension supply chain attacks explained: ownership changes, malicious updates, compromised publishers, remote configuration, and extension governance controls.", + date: "2026-04", + category: "Enterprise", + sections: [ + { + heading: "What makes extensions a supply chain risk", + body: "Extensions update automatically and run in trusted browser contexts. A safe extension can become risky if ownership changes, a publisher is compromised, or a remote configuration introduces harmful behavior." + }, + { + heading: "Signals to monitor", + body: "Monitor new permissions, new domains, version changes, obfuscation changes, publisher changes, privacy policy drift, and behavior that no longer matches the listed feature." + }, + { + heading: "Governance response", + body: "Treat extensions like software supply chain components. Review before allowlisting, re-scan after updates, and preserve evidence for exceptions." + } + ] + }, + { + slug: "manifest-v3-extension-security", + title: "Manifest V3 Extension Security: What Changed and What Still Matters", + description: "Manifest V3 changed Chrome extension architecture, but permissions, host access, data flows, updates, and governance still determine extension risk.", + date: "2026-04", + category: "Technical", + sections: [ + { + heading: "What changed", + body: "Manifest V3 introduced architectural changes such as service workers and changes to extension APIs. These changes matter, but they do not remove the need to review permissions and behavior." + }, + { + heading: "What still matters", + body: "Host permissions, sensitive APIs, external network access, disclosure quality, code behavior, and automatic updates still drive browser extension risk." 
+ }, + { + heading: "How to assess MV3 extensions", + body: "Review the manifest, permissions, content scripts, service worker behavior, remote domains, and policy fit. ExtensionShield combines those signals into a risk score." + } + ] + }, + { + slug: "chrome-extension-allowlist-policy", + title: "How to Build a Chrome Extension Allowlist Policy", + description: "Build a Chrome extension allowlist policy with risk scoring, permission thresholds, exception handling, monitoring, and audit evidence.", + date: "2026-04", + category: "Enterprise", + sections: [ + { + heading: "Start with decision criteria", + body: "Define which permissions require review, which extension categories are restricted, who approves exceptions, and what evidence is required before an extension is allowed." + }, + { + heading: "Use risk tiers", + body: "Create tiers for low, medium, high, and blocked extensions. Map risk score drivers to policy actions such as approve, approve with monitoring, block, or request remediation." + }, + { + heading: "Keep evidence", + body: "Store the extension version, score, findings, approval owner, and rationale. ExtensionShield reports are designed to support this governance record." + } + ] + }, + { + slug: "browser-extension-compliance-checklist", + title: "Browser Extension Compliance Checklist for Security Teams", + description: "A browser extension compliance checklist for enterprise teams: inventory, permissions, privacy disclosures, update monitoring, allowlists, and audit evidence.", + date: "2026-04", + category: "Enterprise", + sections: [ + { + heading: "Compliance checklist", + body: "Maintain extension inventory, require pre-install review, document permissions, review privacy disclosures, monitor updates, define allow/block policy, preserve evidence, and revisit exceptions periodically." 
+ }, + { + heading: "Evidence to collect", + body: "Collect extension ID, version, publisher, requested permissions, host access, network indicators, code findings, privacy policy status, risk score, decision owner, and approval rationale." + }, + { + heading: "How ExtensionShield helps", + body: "ExtensionShield combines security, privacy, and governance findings into an evidence-backed report that supports extension compliance reviews." + } + ] + }, + { + slug: "audit-crx-zip-before-release", + title: "How to Audit a CRX or ZIP Chrome Extension Before Release", + description: "Audit a private CRX or ZIP Chrome extension before release: SAST, permissions, privacy, policy checks, evidence, and fix guidance.", + date: "2026-04", + category: "Developer", + sections: [ + { + heading: "Why audit before release", + body: "Developers should catch risky permissions, insecure patterns, privacy gaps, and policy issues before submitting to the Chrome Web Store or shipping internally." + }, + { + heading: "What to include", + body: "Review manifest permissions, content scripts, service worker behavior, external requests, storage access, obfuscation, vulnerable libraries, and whether privacy disclosures match actual behavior." + }, + { + heading: "Use ExtensionShield Pro", + body: "Upload a private CRX/ZIP build to ExtensionShield for an evidence-linked pre-release audit with Security, Privacy, and Governance findings." + } + ] + }, + { + slug: "best-chrome-extension-security-scanner-tools-2026", + title: "Best Chrome Extension Security Scanner Tools in 2026", + description: "Compare Chrome extension security scanner tools in 2026: ExtensionShield, Spin.ai, CRXcavator, Extension Auditor, and CRXplorer.", + date: "2026-04", + category: "Comparison", + sections: [ + { + heading: "What to compare", + body: "Compare tools by methodology transparency, permission analysis, SAST depth, threat intelligence, governance workflows, monitoring, private build support, and audit evidence." 
+ }, + { + heading: "Scanner vs platform", + body: "A scanner is enough for one-off checks. A platform is better when teams need repeatable governance decisions, update monitoring, and evidence for allow/block policy." + }, + { + heading: "ExtensionShield's position", + body: "ExtensionShield combines free pre-install scans, open-source trust, private build audits, and Security/Privacy/Governance reports for users, developers, and enterprises." + } + ] + }, + { + slug: "extension-security-scoring-explained", + title: "Extension Security Scoring Explained: Security, Privacy, and Governance", + description: "Extension security scoring explained: how Security, Privacy, and Governance signals combine into an extension risk score.", + date: "2026-04", + category: "Methodology", + sections: [ + { + heading: "A useful score needs drivers", + body: "A risk score should not be a black box. Teams need to see which signals drove the result and whether those signals are security, privacy, or governance issues." }, { - heading: "How scanners help", - body: "A chrome extension security scanner that uses SAST, VirusTotal, and permission analysis can flag suspicious patterns before you install. ExtensionShield provides a chrome extension risk score and highlights security, privacy, and governance issues so you can detect malicious chrome extensions and avoid extension hijacked via update scenarios." + heading: "ExtensionShield's model", + body: "ExtensionShield scores Security at 40%, Privacy at 35%, and Governance at 25%. The report keeps each layer visible so the final number can be explained." }, { - heading: "Stay protected", - body: "Scan extensions before installing and re-scan after major updates. Use our scan chrome extension for malware workflow to get a report in under a minute and check if a chrome extension is safe." + heading: "Use the score as a decision aid", + body: "The score helps prioritize review. 
The decision should come from the evidence: permissions, code indicators, network access, disclosure quality, and policy fit."
 }
 ]
 }
diff --git a/frontend/src/nav/navigation.js b/frontend/src/nav/navigation.js
index d38dbd40..ec8ecebd 100644
--- a/frontend/src/nav/navigation.js
+++ b/frontend/src/nav/navigation.js
@@ -15,8 +15,14 @@ export const topNavItems = [
 category: NAV_CATEGORIES.PRODUCT,
 label: "Scan",
 path: "/scan",
- matchPaths: ["/scan"],
+ matchPaths: ["/scan", "/extension-security", "/extension-risk-score", "/extension-permissions"],
 dropdownItems: [
+ {
+ icon: "🛡️",
+ label: "Security Platform",
+ description: "Open-source extension governance",
+ path: "/extension-security"
+ },
 {
 icon: "🔍",
 label: "Risk Check (Free)",
@@ -68,7 +74,7 @@ export const topNavItems = [
 category: NAV_CATEGORIES.ENTERPRISE,
 label: "Enterprise",
 path: "/enterprise",
- matchPaths: ["/enterprise"],
+ matchPaths: ["/enterprise", "/extension-governance"],
 dropdownItems: [
 {
 icon: "🏢",
@@ -81,6 +87,12 @@ export const topNavItems = [
 label: "Monitoring & Alerts",
 description: "Real-time updates",
 path: "/enterprise#monitoring"
+ },
+ {
+ icon: "📋",
+ label: "Extension Governance",
+ description: "Policy evidence & approvals",
+ path: "/extension-governance"
 }
 ]
 }
@@ -139,16 +151,18 @@ export const userMenuItems = [
 * Two-column layout: left = brand + disclaimer, right = link groups.
 */
 export const footerConfig = {
- disclaimer: "Comprehensive extension governance through security, privacy, and compliance analysis. We aggregate multiple dimensions into a single actionable score. So you can trust the results you find.",
- tagline: "Extension security you can trust.",
+ disclaimer: "Open-source browser extension security and governance through Security, Privacy, and Governance analysis. ExtensionShield turns extension evidence into allow, block, monitor, or fix decisions.",
+ tagline: "Pre-install extension security you can trust.",
 linkGroups: [
 {
 heading: "Product",
 links: [
 { label: "Risk Check (Free)", path: "/scan" },
 { label: "Private Build Audit (Pro)", path: "/scan/upload" },
+ { label: "Extension Security", path: "/extension-security" },
+ { label: "Risk Score", path: "/extension-risk-score" },
 { label: "Is extension safe?", path: "/is-this-chrome-extension-safe" },
- { label: "Scan History", path: "/scan/history" }
+ { label: "Permissions", path: "/extension-permissions" }
 ]
 },
 {
@@ -157,12 +171,13 @@ export const footerConfig = {
 { label: "How We Score", path: "/research/methodology" },
 { label: "Case Studies", path: "/research/case-studies" },
 { label: "Compare Scanners", path: "/compare" },
- { label: "Benchmarks", path: "/research/benchmarks" }
+ { label: "Spin.ai Comparison", path: "/compare/spin-ai" }
 ]
 },
 {
 heading: "Company",
 links: [
+ { label: "Extension Governance", path: "/extension-governance" },
 { label: "Enterprise", path: "/enterprise" },
 { label: "Careers", path: "/careers" },
 { label: "Contribute", path: "/contribute" }
@@ -187,4 +202,3 @@ export default {
 getMobileNavSections,
 NAV_CATEGORIES,
 };
-
diff --git a/frontend/src/pages/EnterprisePage.jsx b/frontend/src/pages/EnterprisePage.jsx
index b7b72044..527e628d 100644
--- a/frontend/src/pages/EnterprisePage.jsx
+++ b/frontend/src/pages/EnterprisePage.jsx @@ -162,8 +162,8 @@ const EnterprisePage = () => { return ( <> { Back -

Request an Enterprise Pilot

+

Request an Extension Governance Pilot

- Monitoring, alerting, governance, and audit-ready exports for teams. No self-serve checkout — we’ll set up a pilot with you. + Govern browser extensions before they become shadow IT. Get allow/block policies, update monitoring, risk alerts, and audit-ready evidence for your team.

@@ -304,4 +304,3 @@ const EnterprisePage = () => { export default EnterprisePage; - diff --git a/frontend/src/pages/HomePage.jsx b/frontend/src/pages/HomePage.jsx index 4a61dc20..faa8a7f1 100644 --- a/frontend/src/pages/HomePage.jsx +++ b/frontend/src/pages/HomePage.jsx @@ -134,7 +134,7 @@ const HomePage = () => { "name": "ExtensionShield", "url": "https://extensionshield.com", "logo": "https://extensionshield.com/logo.png", - "description": "Chrome extension scanner — safety reports in seconds.", + "description": "Open-source browser extension security and governance platform.", "sameAs": [ "https://github.com/Stanzin7/ExtensionShield" ] @@ -150,7 +150,7 @@ const HomePage = () => { { "@type": "Offer", "price": "0", "priceCurrency": "USD", "description": "Free public extension scan by Chrome Web Store URL" }, { "@type": "Offer", "description": "Pro: private CRX/ZIP security audit and vulnerability scan" } ], - "description": "Chrome extension security scanner. Scan by Chrome Web Store URL for free. Upload private CRX/ZIP for pre-release security audit, vulnerability scanning, and fix suggestions.", + "description": "Open-source browser extension security and governance platform. Scan Chrome Web Store extensions, audit private CRX/ZIP builds, and generate evidence-backed Security, Privacy, and Governance reports.", "url": "https://extensionshield.com/scan" }; 
@@ -180,8 +180,8 @@ const HomePage = () => { }, { "@type": "Question", - "name": "Is the Chrome extension scanner free?", - "acceptedAnswer": { "@type": "Answer", "text": "Yes. Our free extension scanner lets you scan any Chrome extension by Web Store URL. Private CRX/ZIP upload and audit are available on Pro for developers." } + "name": "Is ExtensionShield just a Chrome extension scanner?", + "acceptedAnswer": { "@type": "Answer", "text": "No. The free scanner is the entry point. ExtensionShield is a browser extension security and governance platform with Security, Privacy, and Governance scoring, private CRX/ZIP audits, and evidence-backed decision support." } } ] }; @@ -189,12 +189,12 @@ const HomePage = () => { return ( <>
@@ -205,8 +205,8 @@ const HomePage = () => { > {/* Mobile/tablet: scanner not supported — show idea + Step-by-step guide + Check on desktop */}
-

CHROME EXTENSION SECURITY GATE

-

Ship safer Chrome extensions.

+

OPEN-SOURCE EXTENSION GOVERNANCE

+

Browser extension security before install.

+
+ +
+

Spin.ai vs ExtensionShield

+

+ Spin.ai is strong for enterprise SaaS security programs. ExtensionShield is built to win the transparent, open-source, pre-install browser extension security and governance workflow. +

+
+ +
+

Where Spin.ai wins

+
    +
  • Enterprise SaaS security platform credibility across Google Workspace and Microsoft 365.
  • +
  • Browser extension risk assessment integrated into broader SaaS posture workflows.
  • +
  • Continuous monitoring, remediation, and enterprise console value for large organizations.
  • +
+ +

Where ExtensionShield is different

+
    +
  • Open-source core: trust comes from visible methodology and community-verifiable rules, not only vendor claims.
  • +
  • Pre-install scanning: anyone can scan a Chrome Web Store URL before installing, approving, or sharing an extension.
  • +
  • Private build audits: developers can upload CRX/ZIP builds before release to catch security, privacy, and policy issues.
  • +
  • Evidence-first reports: findings are tied to permissions, code, network indicators, disclosures, and governance checks.
  • +
+ +

Best fit

+

+ Choose Spin.ai when you need a broader SaaS security platform wrapped around browser extension monitoring. Choose ExtensionShield when your priority is transparent extension risk assessment, open-source trust, developer audits, and governance evidence before an extension reaches users. +

+
+ +
+ Scan an extension with ExtensionShield +
+ +
+

More comparisons

+
    +
  • Best browser extension security tools
  • +
  • ExtensionShield vs CRXcavator
  • +
  • ExtensionShield vs Extension Auditor
  • +
  • ExtensionShield vs CRXplorer
  • +
+
+
+ + + ); +}; + +export default CompareSpinAiPage; diff --git a/frontend/src/pages/landing/BrowserExtensionRiskAssessmentPage.jsx b/frontend/src/pages/landing/BrowserExtensionRiskAssessmentPage.jsx index 2d77fdfc..98f038af 100644 --- a/frontend/src/pages/landing/BrowserExtensionRiskAssessmentPage.jsx +++ b/frontend/src/pages/landing/BrowserExtensionRiskAssessmentPage.jsx @@ -56,6 +56,7 @@ const BrowserExtensionRiskAssessmentPage = () => {
  • How we score extensions
  • Scan an extension
  • +
  • Extension governance platform
  • Compare extension scanners
diff --git a/frontend/src/pages/landing/ChromeExtensionSecurityScannerPage.jsx b/frontend/src/pages/landing/ChromeExtensionSecurityScannerPage.jsx index 686730ab..5959e037 100644 --- a/frontend/src/pages/landing/ChromeExtensionSecurityScannerPage.jsx +++ b/frontend/src/pages/landing/ChromeExtensionSecurityScannerPage.jsx @@ -29,22 +29,22 @@ const ChromeExtensionSecurityScannerPage = () => {

Chrome Extension Security Scanner

- Check if a Chrome extension is safe before you install. ExtensionShield scans extensions for malware, privacy risks, and compliance issues and gives you a clear risk score in under a minute. + Check if a Chrome extension is safe before you install. ExtensionShield uses scanner workflows as the entry point into a broader browser extension security and governance platform.

- A chrome extension security scanner helps you understand what an extension can access and whether it has been flagged for malicious behavior. ExtensionShield combines static code analysis (SAST), permission checks, and threat intelligence so you get one actionable extension risk score plus a breakdown of Security, Privacy, and Governance. + A chrome extension security scanner helps you understand what an extension can access and whether it has been flagged for malicious behavior. ExtensionShield combines static code analysis (SAST), permission checks, threat intelligence, and governance signals so you get one actionable extension risk score plus a breakdown of Security, Privacy, and Governance.

Paste a Chrome Web Store URL — no install required. We analyze permissions, network access, obfuscation, and known threats so you can decide if an extension is safe to use.

  • Free to use; no account required for a single scan
  • -
  • Risk score 0–100 with Security, Privacy, and Compliance dimensions
  • +
  • Risk score 0–100 with Security, Privacy, and Governance dimensions
  • Transparent methodology; we document how we score
  • -
  • Useful for consumers and teams evaluating extensions
  • +
  • Useful for consumers, developers, and teams evaluating extensions
@@ -56,6 +56,7 @@ const ChromeExtensionSecurityScannerPage = () => {

Related

  • How we score extensions
  • +
  • Browser extension security platform
  • Enterprise extension security
  • CRXcavator alternative
diff --git a/frontend/src/pages/landing/CrxcavatorAlternativePage.jsx b/frontend/src/pages/landing/CrxcavatorAlternativePage.jsx index 603d3024..2d5f3e93 100644 --- a/frontend/src/pages/landing/CrxcavatorAlternativePage.jsx +++ b/frontend/src/pages/landing/CrxcavatorAlternativePage.jsx @@ -37,7 +37,7 @@ const CrxcavatorAlternativePage = () => { CRXcavator provides permission-based scoring, RetireJS, and CSP checks for Chrome, Firefox, and Edge extensions. Teams often look for alternatives due to availability, limited transparency in how scores are calculated, or the need for a dedicated governance and compliance layer.

- ExtensionShield gives you a single chrome extension risk score (0–100) with three dimensions: Security (40%), Privacy (35%), and Compliance (25%). We add SAST (Semgrep), VirusTotal integration, obfuscation detection, and explicit governance signals so you can audit extensions and support compliance. Our methodology is documented; reports are evidence-based and suitable for audits. + ExtensionShield gives you a single chrome extension risk score (0–100) with three dimensions: Security (40%), Privacy (35%), and Governance (25%). We add SAST (Semgrep), VirusTotal integration, obfuscation detection, and explicit governance signals so you can audit extensions and support compliance. Our methodology is documented; reports are evidence-based and suitable for audits.

  • Transparent weights and methodology (Security / Privacy / Governance)
  • diff --git a/frontend/src/pages/landing/ExtensionGovernancePage.jsx b/frontend/src/pages/landing/ExtensionGovernancePage.jsx new file mode 100644 index 00000000..74e02f6f --- /dev/null +++ b/frontend/src/pages/landing/ExtensionGovernancePage.jsx @@ -0,0 +1,84 @@ +import React from "react"; +import { Link, useNavigate } from "react-router-dom"; +import SEOHead from "../../components/SEOHead"; +import "../compare/ComparePage.scss"; + +const governanceSchema = { + "@context": "https://schema.org", + "@type": "SoftwareApplication", + "name": "ExtensionShield", + "applicationCategory": "SecurityApplication", + "operatingSystem": "Web", + "description": "Open-source browser extension security and governance platform for extension risk assessment, compliance evidence, monitoring, and allow/block decisions.", + "url": "https://extensionshield.com/extension-governance" +}; + +const ExtensionGovernancePage = () => { + const navigate = useNavigate(); + + return ( + <> + +
    +
    +
    + +
    + +
    +

    Extension Governance Platform

    +

    + ExtensionShield helps teams govern browser extensions before they reach production browsers: assess risk, document evidence, enforce policy, and monitor changes. +

    +
    + +
    +

    From scanner output to governance decisions

    +

    + Security teams do not need another raw finding list. They need a repeatable decision process: request, assess, approve, block, monitor, and re-review when risk changes. ExtensionShield turns extension analysis into that process. +

    + +

    Governance workflows ExtensionShield supports

    +
      +
    • Pre-install review: scan Chrome Web Store extensions before users install them.
    • +
    • Allow/block decisions: map Security, Privacy, and Governance findings to an organizational policy.
    • +
    • Private build audit: review CRX/ZIP builds before release or internal rollout.
    • +
    • Update monitoring: re-check extensions when versions, permissions, ownership, or behavior changes.
    • +
    • Audit evidence: preserve the score drivers and findings behind every decision.
    • +
    + +

    Browser extension compliance

    +

    + Browser extension compliance is not just whether an extension exists in inventory. It is whether the extension's access, disclosures, data flows, and update behavior match your acceptable risk policy. ExtensionShield provides the evidence needed for that review. +

    +
    + +
    + Request a governance pilot +
    + +
    +

    Related

    +
      +
    • Browser extension risk assessment
    • +
    • Extension risk score
    • +
    • Private CRX/ZIP audit
    • +
    • Browser extension compliance checklist
    • +
    +
    +
    +
    + + ); +}; + +export default ExtensionGovernancePage; diff --git a/frontend/src/pages/landing/ExtensionPermissionsPage.jsx b/frontend/src/pages/landing/ExtensionPermissionsPage.jsx new file mode 100644 index 00000000..69f07694 --- /dev/null +++ b/frontend/src/pages/landing/ExtensionPermissionsPage.jsx @@ -0,0 +1,101 @@ +import React from "react"; +import { Link, useNavigate } from "react-router-dom"; +import SEOHead from "../../components/SEOHead"; +import "../compare/ComparePage.scss"; + +const faqSchema = { + "@context": "https://schema.org", + "@type": "FAQPage", + "mainEntity": [ + { + "@type": "Question", + "name": "Which browser extension permissions are dangerous?", + "acceptedAnswer": { + "@type": "Answer", + "text": "High-risk permissions include all-site host access, cookies, history, debugger, downloads, clipboard read, management, webRequest, scripting, and broad tab access. The danger depends on how the permissions combine with code behavior and network access." + } + }, + { + "@type": "Question", + "name": "Is all website access always bad?", + "acceptedAnswer": { + "@type": "Answer", + "text": "No. Some extensions, such as ad blockers, need broad host access. The question is whether the permission is necessary, disclosed, and supported by safe behavior." + } + } + ] +}; + +const ExtensionPermissionsPage = () => { + const navigate = useNavigate(); + + return ( + <> + +
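Review bot: The "Audit evidence" item in the governance workflow list says to preserve "the score drivers and findings behind every decision" but never ties a decision to a specific extension ID and version, which is what makes the "Update monitoring" item above it enforceable. The compliance checklist post added to `blogPosts.js` in this commit already lists extension ID, version and publisher as evidence to collect, so the landing page should agree with it. I would change the item to `Audit evidence: preserve the extension ID, version, score drivers, and findings behind every decision.`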
    +
    +
    + +
    + +
    +

    Browser Extension Permissions Explained

    +

    + Permissions define the blast radius of a browser extension. ExtensionShield explains what each permission enables and whether the access matches the extension's purpose. +

    +
    + +
    +

    High-risk permissions to review

    +
      +
    • All-site host access: can read or modify content across every site the browser visits.
    • +
    • cookies: can interact with browser cookies, which may expose sensitive session context.
    • +
    • history: can read browsing history and reveal user behavior.
    • +
    • clipboardRead: can access copied data, including secrets accidentally placed on the clipboard.
    • +
    • debugger: can inspect and modify pages at a powerful level.
    • +
    • webRequest and scripting: can observe requests or inject behavior into pages depending on host access.
    • +
    • management: can interact with installed extensions and themes.
    • +
    + +

    Permission combinations matter

    +

    + A single permission rarely tells the whole story. The risky pattern is often a combination: broad page access plus external network calls, cookie access plus all-site host permissions, or scripting plus a weak privacy disclosure. +

    + +

    How to review permissions before install

    +
      +
    1. Check whether the permission is required for the promised feature.
    2. +
    3. Look for broad host access, sensitive APIs, and unclear privacy disclosures.
    4. +
    5. Scan the extension to see code, network, and governance evidence beyond the permission prompt.
    6. +
    +
    + +
    + Check extension permissions +
    + +
    +

    Related

    +
      +
    • Chrome extension permissions guide
    • +
    • Extension risk score
    • +
    • Is this Chrome extension safe?
    • +
    • Security glossary
    • +
    +
    +
    +
    + + ); +}; + +export default ExtensionPermissionsPage; diff --git a/frontend/src/pages/landing/ExtensionRiskScorePage.jsx b/frontend/src/pages/landing/ExtensionRiskScorePage.jsx new file mode 100644 index 00000000..1f268953 --- /dev/null +++ b/frontend/src/pages/landing/ExtensionRiskScorePage.jsx @@ -0,0 +1,87 @@ +import React from "react"; +import { Link, useNavigate } from "react-router-dom"; +import SEOHead from "../../components/SEOHead"; +import "../compare/ComparePage.scss"; + +const scoreSchema = { + "@context": "https://schema.org", + "@type": "TechArticle", + "headline": "Extension Risk Score", + "description": "How ExtensionShield scores browser extension risk across security, privacy, and governance signals.", + "about": ["extension risk assessment", "extension security scoring", "browser extension security"] +}; + +const ExtensionRiskScorePage = () => { + const navigate = useNavigate(); + + return ( + <> + +
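Review bot: The `faqSchema` answer names `downloads` and broad tab access as high-risk, but the visible "High-risk permissions to review" list has no entry for either, so the structured data and the page give reviewers two different checklists. I would add list items along the lines of `downloads: can start downloads and read download history` and `tabs: can read the URL and title of open tabs`. The `cookies` item would also be more precise if it said that the cookies an extension can reach are limited to hosts it holds host permissions for, which is the combination the "Permission combinations matter" section warns about.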
    +
    +
    + +
    + +
    +

    Extension Risk Score

    +

    + A single score is useful only when the evidence is visible. ExtensionShield scores extensions across Security, Privacy, and Governance so every verdict can be traced back to concrete signals. +

    +
    + +
    +

    What the score means

    +

    + The ExtensionShield risk score summarizes the likelihood and impact of risky extension behavior. It is not a malware-only verdict. It combines what the extension can do, what the code appears to do, what the publisher discloses, and whether the extension fits a policy-controlled environment. +

    + +

    The three scoring layers

    +
      +
    • Security - 40%: suspicious code patterns, SAST rules, vulnerable libraries, obfuscation, threat-intel findings, and exploit-relevant APIs.
    • +
    • Privacy - 35%: sensitive permissions, all-site access, cookies, history, clipboard, storage, network destinations, and data exfiltration paths.
    • +
    • Governance - 25%: policy alignment, permission justification, disclosure accuracy, developer reputation, update risk, and audit readiness.
    • +
    + +

    Why this is different from a scanner score

    +

    + A scanner can tell you that an extension requests broad permissions. A governance score explains whether that access is justified, whether behavior matches the listing, whether the evidence should trigger a block, and which finding should be fixed first. +

    + +

    How to use it

    +
      +
    1. Scan the Chrome Web Store URL before install or allowlisting.
    2. +
    3. Review the Security, Privacy, and Governance drivers instead of relying only on the number.
    4. +
    5. Accept, block, monitor, or request a private build fix based on the evidence.
    6. +
    +
    + +
    + Get an extension risk score +
    + +
    +

    Related

    +
      +
    • Full methodology
    • +
    • Browser extension security
    • +
    • Extension governance
    • +
    • Chrome extension security scanner
    • +
    +
    +
    +
    + + ); +}; + +export default ExtensionRiskScorePage; diff --git a/frontend/src/pages/landing/ExtensionSecurityPage.jsx b/frontend/src/pages/landing/ExtensionSecurityPage.jsx new file mode 100644 index 00000000..38c14220 --- /dev/null +++ b/frontend/src/pages/landing/ExtensionSecurityPage.jsx @@ -0,0 +1,106 @@ +import React from "react"; +import { Link, useNavigate } from "react-router-dom"; +import SEOHead from "../../components/SEOHead"; +import "../compare/ComparePage.scss"; + +const faqSchema = { + "@context": "https://schema.org", + "@type": "FAQPage", + "mainEntity": [ + { + "@type": "Question", + "name": "What is browser extension security?", + "acceptedAnswer": { + "@type": "Answer", + "text": "Browser extension security is the process of reviewing what an extension can access, how its code behaves, which domains it can contact, and whether it aligns with organizational policy before it is installed or allowed." + } + }, + { + "@type": "Question", + "name": "Why are browser extensions risky?", + "acceptedAnswer": { + "@type": "Answer", + "text": "Extensions can request powerful permissions, read page content, modify websites, access browsing activity, and change after installation through automatic updates. The risk depends on permissions, code behavior, publisher trust, and the data exposed in your environment." + } + }, + { + "@type": "Question", + "name": "How does ExtensionShield help?", + "acceptedAnswer": { + "@type": "Answer", + "text": "ExtensionShield analyzes extension security, privacy, and governance signals before install, before release, or before allowlisting. Reports include a risk score and evidence so teams can decide whether to allow, block, monitor, or fix an extension." + } + } + ] +}; + +const ExtensionSecurityPage = () => { + const navigate = useNavigate(); + + return ( + <> + +
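Review bot: "What the score means" never states which direction the 0–100 scale runs, and a page titled "Extension Risk Score" reads as higher meaning riskier. The methodology FAQ touched by this same commit says `Lower scores indicate higher risk`, so a team that maps score ranges to approve or block tiers from this page alone could set the threshold backwards. I would add one sentence to that section: `Scores run from 0 to 100, and lower scores indicate higher risk.`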
    +
    +
    + +
    + +
    +

    Browser Extension Security

    +

    + ExtensionShield is an open-source browser extension security and governance platform for pre-install risk assessment, private build audits, and enterprise allow/block decisions. +

    +
    + +
    +

    Why browser extension security needs a platform

    +

    + Browser extensions run close to the data users care about: pages, tabs, cookies, clipboard, downloads, history, and SaaS sessions. A Chrome Web Store listing or star rating does not explain whether an extension is safe for your threat model. +

    +

    + ExtensionShield turns an extension into a decision record. It analyzes code, permissions, host access, network indicators, known threat signals, disclosure quality, and policy fit so you can decide whether to install, block, monitor, or request a fix. +

    + +

    What ExtensionShield checks

    +
      +
    • Security: SAST findings, suspicious APIs, obfuscation, vulnerable patterns, malware and threat-intel signals.
    • +
    • Privacy: broad host access, sensitive permissions, external communication, data collection risk, and disclosure gaps.
    • +
    • Governance: policy alignment, permission justification, developer reputation signals, audit evidence, and allow/block workflow context.
    • +
    + +

    Pre-install security, not after-the-fact cleanup

    +

    + The safest extension decision happens before installation. ExtensionShield supports public Chrome Web Store scans, private CRX/ZIP audits for developers, and enterprise governance workflows for teams evaluating extensions before they become shadow IT. +

    +
    + +
    + Run a pre-install extension scan +
    + +
    +

    Related

    +
      +
    • Extension risk score
    • +
    • Extension permissions explained
    • +
    • Extension governance platform
    • +
    • Scoring methodology
    • +
    +
    +
    +
+
+ );
+};
+
+export default ExtensionSecurityPage;
diff --git a/frontend/src/pages/reports/ReportDetailPage.jsx b/frontend/src/pages/reports/ReportDetailPage.jsx
index ac6a4593..4a8d6a3b 100644
--- a/frontend/src/pages/reports/ReportDetailPage.jsx
+++ b/frontend/src/pages/reports/ReportDetailPage.jsx
@@ -256,7 +256,7 @@ const ReportViewModelDetail = ({ report, rawScanResult, extensionId, onExportPdf
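Review bot: The section headed "Pre-install security, not after-the-fact cleanup" in `ExtensionSecurityPage.jsx` presents the pre-install scan as the safest decision point, but the FAQ answer in `faqSchema` in the same file says extensions can "change after installation through automatic updates", so the page should say that a report covers only the version that was scanned. I would add one sentence to that paragraph, for example `A report describes the version that was scanned; re-scan when an update changes permissions, host access, or publisher.` The JSX tags of this file are not visible in this view, so where the sentence lands in the markup needs checking against the real file.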
    - Privacy & Compliance + Privacy & Governance {privacy?.privacy_snapshot && ( diff --git a/frontend/src/pages/research/MethodologyPage.jsx b/frontend/src/pages/research/MethodologyPage.jsx index 291f5cf3..24f4ff60 100644 --- a/frontend/src/pages/research/MethodologyPage.jsx +++ b/frontend/src/pages/research/MethodologyPage.jsx @@ -16,7 +16,7 @@ const methodologyFaqSchema = { "name": "How is the extension risk score calculated?", "acceptedAnswer": { "@type": "Answer", - "text": "ExtensionShield combines three pipelines: Security (40%), Privacy (35%), and Compliance (25%). Security uses open-source SAST (Semgrep-based rules), Privacy analyzes data collection and tracking, and Compliance covers policy alignment and developer reputation." + "text": "ExtensionShield combines three pipelines: Security (40%), Privacy (35%), and Governance (25%). Security uses open-source SAST (Semgrep-based rules), Privacy analyzes data collection and tracking, and Governance covers policy alignment and developer reputation." } }, { @@ -32,7 +32,7 @@ const methodologyFaqSchema = { "name": "What does the aggregate risk score mean?", "acceptedAnswer": { "@type": "Answer", - "text": "The overall score (0–100) is a weighted combination of Security, Privacy, and Compliance. Lower scores indicate higher risk. We show the breakdown so you can see which dimension drives the result." + "text": "The overall score (0–100) is a weighted combination of Security, Privacy, and Governance. Lower scores indicate higher risk. We show the breakdown so you can see which dimension drives the result." } } ] @@ -92,7 +92,7 @@ const MethodologyPage = () => {
    +
    - Compliance + Governance × 25%
    @@ -233,7 +233,7 @@ const MethodologyPage = () => { - {/* Pipeline 3: Compliance */} + {/* Pipeline 3: Governance */}
    03
    @@ -251,7 +251,7 @@ const MethodologyPage = () => { AUTO-UPDATED
    -

    Compliance

    +

    Governance

    Policy Engine (Enterprise)

    Enterprises get this pipeline in their reports; it is not open source. From a regulation standpoint, reports include permission justification, alignment with GDPR and SOC2, developer reputation signals, and custom policy enforcement so you can prove due diligence and enforce your own rules. @@ -267,7 +267,7 @@ const MethodologyPage = () => {

    - +
    @@ -291,4 +291,3 @@ const MethodologyPage = () => { }; export default MethodologyPage; - diff --git a/frontend/src/routes/routes.jsx b/frontend/src/routes/routes.jsx index eacf992a..dc0e92d0 100644 --- a/frontend/src/routes/routes.jsx +++ b/frontend/src/routes/routes.jsx @@ -37,6 +37,7 @@ const CompareIndexPage = React.lazy(() => import("../pages/compare/CompareIndexP const CompareCrxcavatorPage = React.lazy(() => import("../pages/compare/CompareCrxcavatorPage")); const CompareCrxplorerPage = React.lazy(() => import("../pages/compare/CompareCrxplorerPage")); const CompareExtensionAuditorPage = React.lazy(() => import("../pages/compare/CompareExtensionAuditorPage")); +const CompareSpinAiPage = React.lazy(() => import("../pages/compare/CompareSpinAiPage")); // SEO keyword landing pages (high-intent) + educational hub const IsThisChromeExtensionSafePage = React.lazy(() => import("../pages/landing/IsThisChromeExtensionSafePage")); @@ -44,6 +45,10 @@ const ChromeExtensionPermissionsPage = React.lazy(() => import("../pages/landing const ChromeExtensionSecurityScannerPage = React.lazy(() => import("../pages/landing/ChromeExtensionSecurityScannerPage")); const BrowserExtensionRiskAssessmentPage = React.lazy(() => import("../pages/landing/BrowserExtensionRiskAssessmentPage")); const CrxcavatorAlternativePage = React.lazy(() => import("../pages/landing/CrxcavatorAlternativePage")); +const ExtensionSecurityPage = React.lazy(() => import("../pages/landing/ExtensionSecurityPage")); +const ExtensionRiskScorePage = React.lazy(() => import("../pages/landing/ExtensionRiskScorePage")); +const ExtensionPermissionsPage = React.lazy(() => import("../pages/landing/ExtensionPermissionsPage")); +const ExtensionGovernancePage = React.lazy(() => import("../pages/landing/ExtensionGovernancePage")); // Blog (SEO long-tail) const BlogIndexPage = React.lazy(() => import("../pages/blog/BlogIndexPage")); 
@@ -81,8 +86,8 @@ export const routes = [ path: "/", element: , seo: { - title: "Free Chrome Extension Scanner & Security Audit | ExtensionShield", - description: "Free Chrome extension scanner and security audit for developers. Scan any extension by URL—get risk score, permissions & malware check. Audit CRX/ZIP builds before release.", + title: "Browser Extension Security & Governance Platform | ExtensionShield", + description: "Open-source browser extension security and governance platform. Scan Chrome extensions before install, audit private CRX/ZIP builds, and get evidence-backed risk scores.", canonical: "/" }, priority: 1.0, 
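Review bot: The new home `description` opens with "Open-source browser extension security and governance platform", while the Governance card in `MethodologyPage.jsx` (unchanged context in this same commit) says that pipeline "is not open source". The same wording appears in the `/extension-security` route title ("Open-Source Extension Governance") and in the intro paragraph of `ExtensionSecurityPage.jsx`. Readers of a security tool take "open-source" as a statement about what they can audit, so the copy should scope the claim to the parts that are published, e.g. `description: "Browser extension security and governance platform with an open-source scanner. ..."` if the scanner is the open part; confirm the split against the repository.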
@@ -255,6 +260,50 @@ export const routes = [ priority: 0.85, changefreq: "monthly" }, + { + path: "/extension-security", + element: , + seo: { + title: "Browser Extension Security | Open-Source Extension Governance", + description: "Browser extension security platform for pre-install risk assessment, private CRX/ZIP audits, and enterprise extension governance.", + canonical: "/extension-security" + }, + priority: 0.9, + changefreq: "monthly" + }, + { + path: "/extension-risk-score", + element: , + seo: { + title: "Extension Risk Score | Security, Privacy, Governance Scoring", + description: "Understand ExtensionShield's extension risk score: security, privacy, and governance scoring for browser extension risk assessment.", + canonical: "/extension-risk-score" + }, + priority: 0.85, + changefreq: "monthly" + }, + { + path: "/extension-permissions", + element: , + seo: { + title: "Browser Extension Permissions Explained | Dangerous Permissions", + description: "Browser extension permissions explained: all-site access, cookies, history, clipboard, webRequest, scripting, and permission combinations.", + canonical: "/extension-permissions" + }, + priority: 0.85, + changefreq: "monthly" + }, + { + path: "/extension-governance", + element: , + seo: { + title: "Extension Governance Platform | Browser Extension Compliance", + description: "Extension governance platform for browser extension compliance, allow/block decisions, update monitoring, policy evidence, and pre-install risk assessment.", + canonical: "/extension-governance" + }, + priority: 0.9, + changefreq: "monthly" + }, { path: "/browser-extension-risk-assessment", element: , 
@@ -283,8 +332,8 @@ export const routes = [ path: "/compare", element: , seo: { - title: "Best Chrome Extension Security Scanner | CRXcavator Alternatives", - description: "Compare the best chrome extension security scanner tools. ExtensionShield vs CRXcavator, CRXplorer, ExtensionAuditor. Chrome extension risk score tool with security, privacy, and governance.", + title: "Best Browser Extension Security Tools | Scanner & Governance Comparison", + description: "Compare browser extension security tools. ExtensionShield vs Spin.ai, CRXcavator, CRXplorer, and Extension Auditor for risk scoring, governance, and audits.", canonical: "/compare" }, priority: 0.8, @@ -323,6 +372,17 @@ export const routes = [ priority: 0.7, changefreq: "monthly" }, + { + path: "/compare/spin-ai", + element: , + seo: { + title: "Spin.ai vs ExtensionShield | Browser Extension Security Comparison", + description: "Compare Spin.ai SpinMonitor and SpinCRX with ExtensionShield for browser extension security, governance, pre-install scanning, open-source trust, and private build audits.", + canonical: "/compare/spin-ai" + }, + priority: 0.7, + changefreq: "monthly" + }, // ============ CAREERS ROUTES ============ { @@ -352,8 +412,8 @@ export const routes = [ path: "/blog", element: , seo: { - title: "Chrome Extension Security Blog | How to Audit & Check Extension Safety", - description: "How to check chrome extension permissions safely, detect malicious chrome extensions, and audit a chrome extension before installing. Extension security research and guides.", + title: "Browser Extension Security Blog | Permissions, Risk & Governance", + description: "Browser extension security guides: dangerous permissions, risky Chrome extensions, data theft, extension risk scores, governance, and honest scanner comparisons.", canonical: "/blog" }, priority: 0.75, 
@@ -365,33 +425,243 @@ export const routes = [ }, { path: "/blog/how-to-audit-chrome-extension-before-installing", + element: , + }, + { + path: "/blog/enterprise-browser-extension-risk-management", + element: , + }, + { + path: "/blog/how-to-detect-malicious-chrome-extensions", + element: , + }, + { + path: "/blog/top-risky-chrome-extensions-2026", element: , seo: { - title: "How to Audit a Chrome Extension Before Installing | ExtensionShield", - description: "Step-by-step guide to audit a chrome extension before installing: permissions, risk score, and how to check if a Chrome extension is safe using a browser extension security scanner.", - canonical: "/blog/how-to-audit-chrome-extension-before-installing" + title: "Top Risky Chrome Extensions in 2026: What to Check Before You Install", + description: "A practical 2026 guide to risky Chrome extension patterns: broad permissions, data access, suspicious updates, and how to check risk before installing.", + canonical: "/blog/top-risky-chrome-extensions-2026" }, priority: 0.6, changefreq: "monthly" }, { - path: "/blog/enterprise-browser-extension-risk-management", + path: "/blog/dangerous-chrome-extension-permissions", element: , seo: { - title: "Enterprise Browser Extension Risk Management | ExtensionShield", - description: "How to run a browser extension risk management program: allowlist policy, compliance monitoring, shadow IT browser extensions, and chrome enterprise extension security.", - canonical: "/blog/enterprise-browser-extension-risk-management" + title: "What Permissions Are Dangerous in Chrome Extensions?", + description: "Dangerous Chrome extension permissions explained: all-site access, cookies, history, clipboard, scripting, webRequest, debugger, and risky combinations.", + canonical: "/blog/dangerous-chrome-extension-permissions" }, priority: 0.6, changefreq: "monthly" }, { - path: "/blog/how-to-detect-malicious-chrome-extensions", + path: "/blog/can-chrome-extensions-steal-data", + element: , + 
seo: { + title: "Can Chrome Extensions Steal Data? What Users and Teams Need to Know", + description: "Can Chrome extensions steal data? Learn how extension permissions, page access, cookies, clipboard access, and network calls can expose sensitive information.", + canonical: "/blog/can-chrome-extensions-steal-data" + }, + priority: 0.6, + changefreq: "monthly" + }, + { + path: "/blog/how-to-check-if-chrome-extension-is-safe", + element: , + seo: { + title: "How to Check if a Chrome Extension Is Safe Before Installing", + description: "A simple checklist to check if a Chrome extension is safe: permissions, publisher, reviews, updates, privacy policy, network behavior, and risk score.", + canonical: "/blog/how-to-check-if-chrome-extension-is-safe" + }, + priority: 0.6, + changefreq: "monthly" + }, + { + path: "/blog/chrome-extension-scanner-vs-governance-platform", + element: , + seo: { + title: "Chrome Extension Scanner vs Extension Governance Platform", + description: "A scanner finds extension risk. A governance platform turns extension findings into allow, block, monitor, and audit decisions.", + canonical: "/blog/chrome-extension-scanner-vs-governance-platform" + }, + priority: 0.6, + changefreq: "monthly" + }, + { + path: "/blog/how-hackers-use-browser-extensions-to-steal-data", + element: , + seo: { + title: "How Hackers Use Browser Extensions to Steal Data", + description: "Browser extension attack paths explained: malicious permissions, injected scripts, cookies, clipboard theft, update abuse, and data exfiltration.", + canonical: "/blog/how-hackers-use-browser-extensions-to-steal-data" + }, + priority: 0.6, + changefreq: "monthly" + }, + { + path: "/blog/spin-ai-vs-extensionshield", element: , seo: { - title: "How to Detect Malicious Chrome Extensions | ExtensionShield", - description: "Signs of malicious chrome extensions, browser extension spyware, and how to detect data exfiltration and extension hijacking. 
Use a chrome extension security scanner to check if an extension is safe.", - canonical: "/blog/how-to-detect-malicious-chrome-extensions" + title: "Spin.ai vs ExtensionShield: Honest Browser Extension Security Comparison", + description: "Compare Spin.ai SpinMonitor and SpinCRX with ExtensionShield for extension risk assessment, governance, open-source trust, and pre-install scanning.", + canonical: "/blog/spin-ai-vs-extensionshield" + }, + priority: 0.6, + changefreq: "monthly" + }, + { + path: "/blog/crxcavator-vs-extensionshield-2026", + element: , + seo: { + title: "CRXcavator vs ExtensionShield in 2026", + description: "Compare CRXcavator and ExtensionShield for Chrome extension risk scores, transparent methodology, SAST, governance, and pre-install scanning.", + canonical: "/blog/crxcavator-vs-extensionshield-2026" + }, + priority: 0.6, + changefreq: "monthly" + }, + { + path: "/blog/extension-auditor-vs-extensionshield", + element: , + seo: { + title: "Extension Auditor vs ExtensionShield: Which Extension Security Tool Fits?", + description: "Compare Extension Auditor and ExtensionShield for extension security, privacy review, monitoring, governance, open-source trust, and developer audits.", + canonical: "/blog/extension-auditor-vs-extensionshield" + }, + priority: 0.6, + changefreq: "monthly" + }, + { + path: "/blog/crxplorer-vs-extensionshield", + element: , + seo: { + title: "CRXplorer vs ExtensionShield: Free Scanner or Governance Platform?", + description: "Compare CRXplorer and ExtensionShield for Chrome extension risk scoring, code review, methodology transparency, and governance workflows.", + canonical: "/blog/crxplorer-vs-extensionshield" + }, + priority: 0.6, + changefreq: "monthly" + }, + { + path: "/blog/chrome-web-store-ratings-do-not-prove-extension-safety", + element: , + seo: { + title: "Why Chrome Web Store Ratings Do Not Prove an Extension Is Safe", + description: "Star ratings and reviews are useful, but they do not prove Chrome 
extension safety. Learn what ratings miss and what evidence to check instead.", + canonical: "/blog/chrome-web-store-ratings-do-not-prove-extension-safety" + }, + priority: 0.6, + changefreq: "monthly" + }, + { + path: "/blog/read-and-change-all-your-data-extension-permission", + element: , + seo: { + title: "Read and Change All Your Data: Chrome Extension Permission Explained", + description: "What the 'read and change all your data' Chrome extension permission means, why it can be risky, and when it may be justified.", + canonical: "/blog/read-and-change-all-your-data-extension-permission" + }, + priority: 0.6, + changefreq: "monthly" + }, + { + path: "/blog/all-urls-chrome-extension-permission", + element: , + seo: { + title: "What Is all_urls in Chrome Extensions?", + description: "Learn what the all_urls Chrome extension permission means, why all-site access is risky, and how to decide if it is justified.", + canonical: "/blog/all-urls-chrome-extension-permission" + }, + priority: 0.6, + changefreq: "monthly" + }, + { + path: "/blog/can-chrome-extensions-steal-cookies-sessions", + element: , + seo: { + title: "Can Chrome Extensions Steal Cookies or Sessions?", + description: "Can browser extensions steal cookies or sessions? 
Learn how cookie permissions, page access, and token exposure can create session risk.", + canonical: "/blog/can-chrome-extensions-steal-cookies-sessions" + }, + priority: 0.6, + changefreq: "monthly" + }, + { + path: "/blog/browser-extension-supply-chain-attacks", + element: , + seo: { + title: "Browser Extension Supply Chain Attacks Explained", + description: "Browser extension supply chain attacks explained: ownership changes, malicious updates, compromised publishers, remote configuration, and extension governance controls.", + canonical: "/blog/browser-extension-supply-chain-attacks" + }, + priority: 0.6, + changefreq: "monthly" + }, + { + path: "/blog/manifest-v3-extension-security", + element: , + seo: { + title: "Manifest V3 Extension Security: What Changed and What Still Matters", + description: "Manifest V3 changed Chrome extension architecture, but permissions, host access, data flows, updates, and governance still determine extension risk.", + canonical: "/blog/manifest-v3-extension-security" + }, + priority: 0.6, + changefreq: "monthly" + }, + { + path: "/blog/chrome-extension-allowlist-policy", + element: , + seo: { + title: "How to Build a Chrome Extension Allowlist Policy", + description: "Build a Chrome extension allowlist policy with risk scoring, permission thresholds, exception handling, monitoring, and audit evidence.", + canonical: "/blog/chrome-extension-allowlist-policy" + }, + priority: 0.6, + changefreq: "monthly" + }, + { + path: "/blog/browser-extension-compliance-checklist", + element: , + seo: { + title: "Browser Extension Compliance Checklist for Security Teams", + description: "A browser extension compliance checklist for enterprise teams: inventory, permissions, privacy disclosures, update monitoring, allowlists, and audit evidence.", + canonical: "/blog/browser-extension-compliance-checklist" + }, + priority: 0.6, + changefreq: "monthly" + }, + { + path: "/blog/audit-crx-zip-before-release", + element: , + seo: { + title: "How to 
Audit a CRX or ZIP Chrome Extension Before Release", + description: "Audit a private CRX or ZIP Chrome extension before release: SAST, permissions, privacy, policy checks, evidence, and fix guidance.", + canonical: "/blog/audit-crx-zip-before-release" + }, + priority: 0.6, + changefreq: "monthly" + }, + { + path: "/blog/best-chrome-extension-security-scanner-tools-2026", + element: , + seo: { + title: "Best Chrome Extension Security Scanner Tools in 2026", + description: "Compare Chrome extension security scanner tools in 2026: ExtensionShield, Spin.ai, CRXcavator, Extension Auditor, and CRXplorer.", + canonical: "/blog/best-chrome-extension-security-scanner-tools-2026" + }, + priority: 0.6, + changefreq: "monthly" + }, + { + path: "/blog/extension-security-scoring-explained", + element: , + seo: { + title: "Extension Security Scoring Explained: Security, Privacy, and Governance", + description: "Extension security scoring explained: how Security, Privacy, and Governance signals combine into an extension risk score.", + canonical: "/blog/extension-security-scoring-explained" }, priority: 0.6, changefreq: "monthly" @@ -402,8 +672,8 @@ export const routes = [ path: "/enterprise", element: , seo: { - title: "Browser Extension Risk Assessment & Governance (Allowlist, Monitoring) | ExtensionShield", - description: "Extension governance: allowlist policies, monitoring, audit exports. Browser extension risk assessment for enterprise. Manage Chrome extensions at scale.", + title: "Extension Governance Platform for Enterprise | ExtensionShield", + description: "Browser extension governance for enterprise: allowlist policies, update monitoring, audit exports, pre-install risk assessment, and compliance evidence.", canonical: "/enterprise" }, priority: 0.8, @@ -593,4 +863,3 @@ export const getSitemapRoutes = () => { }; export default routes; -
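Review bot: The three existing blog paths at the top of the `@@ -365,33 +425,243 @@` hunk (`/blog/how-to-audit-chrome-extension-before-installing`, `/blog/enterprise-browser-extension-risk-management`, `/blog/how-to-detect-malicious-chrome-extensions`) now carry only `path` and `element`; their `seo`, `priority` and `changefreq` blocks are removed. The JSX after `element:` is not visible in this view, so I cannot tell whether these entries became redirects. If they did, a comment such as `// legacy URL, redirects to the renamed post` above each entry would document that, and it is worth confirming that `getSitemapRoutes` and any code that reads `route.seo` tolerate a route without it. If they still render a post, those pages lose their title, description and canonical.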