Is "BrowseBuddy" on Chrome Web Store Safe to Install?

[email protected] · chrome · v1.0.5

✨ What's new in v1.0.5

  • Redeem coins for gift cards (Amazon, Flipkart, Swiggy, Myntra), PayPal, or donate to charity via Every.org
  • Deal of the Day + smarter product suggestions that react to what you browse
  • Support the dev → donate & get bonus coins
  • Improved click attribution and cleaner backend

BrowseBuddy is a friendly pixel-art dog that lives in your browser. It walks around the corner of every page, reacts to what you're browsing, and comes with a set of small, useful features.

What BrowseBuddy does:

- Page Summaries — Automatically reads the page you're on and tells you what it's about
- Focus Timer — Set a timer with a floating badge so you can stay on track
- Mini Games — Play a coin-catch game to take a quick break and earn BuddyCoins
- Context Aware — Recognizes YouTube, shopping sites, news, coding, and more
- Teach Tricks — Train your pet to sit, shake, roll over, spin, and dance
- Screenshot — Capture any page with one click
- Mood System — Feed and interact with your buddy to keep it happy
- Daily Spin Wheel — Spin once a day for bonus rewards
- Shopping Cashback — Earn cashback when shopping on supported retailers

Your buddy levels up as you browse, unlocking new tricks and features along the way. It runs entirely in your browser with no data collection. Works on all websites. Free to use. No account required.

Risk Assessment

Analyzed: 43.58 out of 100 (MEDIUM)

6 security findings detected across all analyzers

Chrome extension requesting 4 permissions

Severity Breakdown

  • Critical: 0
  • High: 0
  • Medium: 6
  • Low: 0
  • Info: 0

Finding Categories

  • Network: 6

Requested Permissions

4 permissions

  • <all_urls> (Dangerous): Access and modify data on every website you visit
  • activeTab (Medium)
  • storage (Low)
  • alarms (Low)

Detailed Findings

6 total

AI Security Report

AI Security Review

Risky Plugins reviewed this extension with an AI-assisted security workflow on 2026-04-28. The review verdict is likely false positive with 75% confidence.

Recommended action: no action.
Risk context: MEDIUM risk, score 44/100.
Evidence context: threat category none; evidence quality moderate.

BrowseBuddy is a cashback and deals extension that generates only 6 findings, all classified as medium-severity network calls. The network findings appear in content/features/featured-products.js:47, options/options.js:437, utils/rewards.js:328, utils/rewards.js:301, utils/revenue.js:78, and utils/revenue.js:64. These file paths and names align directly with the extension's stated purpose: fetching featured products, managing user rewards, and tracking revenue for the cashback system.

Critically, this extension has zero malware signatures, zero IoCs (no specific suspicious domains were extracted), zero obfuscation findings, and zero code-smell detections. The network findings report only that fetch calls exist without identifying any specific destination domains. This is a known limitation of the CVEQ network detector, which flags the presence of fetch() without always extracting the target URL. Without domain information, these findings cannot establish whether the extension contacts malicious infrastructure.

The developer identity ([email protected]) uses a personal Gmail address rather than a verified company domain, which warrants scrutiny but does not constitute evidence of malicious intent. The zero user count indicates this is a newly published extension without social proof, but new extensions are not inherently dangerous.

The strongest counterargument is that cashback extensions are commonly abused for adware and browser hijacking. Malicious extensions in this category typically exhibit specific indicators: custom search engine domains, new tab page replacement, or tracking domains. None of these patterns appear in the findings. The absence of malware signatures is particularly significant—confirmed malicious extensions consistently trigger at least one malware signature when obfuscation or suspicious network activity is present. This extension triggers none.

The file structure further supports benign functionality. The options/options.js path indicates a standard settings page, content/features/featured-products.js suggests a content script for product display, and utils/rewards.js/utils/revenue.js indicate utility modules for the rewards system. These are standard patterns for legitimate cashback extensions.

No action is required. The findings represent expected network behavior for an extension that fetches product data and rewards information. If specific suspicious domains were identified in the fetch calls, the verdict would change, but the current evidence shows only generic fetch activity without malicious destinations.

Key Reasons

  • Zero malware signatures detected
  • Zero suspicious IoCs or domains extracted
  • Zero obfuscation findings
  • Network calls align with stated cashback functionality
  • File paths match legitimate extension structure

False Positive Considerations

  • Generic fetch calls flagged without domain context
  • Network findings lack specific destination URLs
  • No IoC extraction from network calls

Frequently Asked Questions