How to Find All the Unsafe-eval Chrome Extensions

Not all the Chrome extensions are safe for use. In that case, it is better to explore the Chrome extensions that you have installed and check whether all of them are safe or not. You can even follow the same method of searching for unsafe-eval content security policy in other browsers as well. Variety of unsafe extensions were there in the list of extensions earlier, which recorded and later sold the user’s browsing data. Almost four million browser installations were harmed due to privacy-related problems associated with dangerous browser extensions. These extensions used unsafe-eval, which comes as a well-documented Content Security Policy directive. It was used for downloading remote payload and collecting and transferring browsing information. There is no unsafe-eval related issue mentioned in the extension section of the Chrome. Most of the available extensions on the Chrome web store doesn’t highlight its use.

The extensions that are declared unsafe-eval are not ideal for use at all. Before pressing the “add to Chrome” option, users need to review the manifest file first.

Follow these steps for verifying any Chrome Web Store extension before installation:

  1. Firstly, you will have to get  the Chrome Extension Source Viewer extension on your Chrome browser.
  2. Then, check the profile page of the desired extension
  3. From there, select the CRX icon and then “View Source.”
  4. Click on the manifest.json file then and search for unsafe-eval. Use the F3 button for opening the on-page search.

By opening the manifest.json file of all the installed extensions, you can check out if there is an unsafe-eval declaration or not. For speeding up the process, it is even possible to search through all of the available extensions.

Here’s the process:

  1. You need to download the outstanding tool called Everything to your system first or use other text editors such as Notepad+++ or UltraSearch.
  2. Then, right-click on the program and select “Run as administrator.”
  3. Choose Search and then Advanced Search to move ahead with the process.
  4. You have to enter unsafe-eval in the section where it is written “A word or phrase in the file.”
  5. Click on the c: drive or select the extensions directory quickly.

* For finding the path, you need to load chrome://version/ in the URL bar.

* Select the profile path value now. For example,  C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Profile 1

* Enter the copied path value and paste it in the dedicated section.

  1. Ensure that you have chosen “include subfolders.”
  2. Click on the ok option to complete the process.

With the use of Everything to your system tool, you can thoroughly search the folder structure and all files associated files for the chosen phrase. You need to now open manifest.json files and double-click on them for opening. For searching unsafe-eval, access the built-in search for searching. This method can be used on other browsers as well. 

Deam Jones is a self-professed security expert; he has been making the people aware of the security threats. His passion is to write about Cyber security, cryptography, malware, social engineering, internet and new media. He writes for Norton security products at


Source:-  Chrome Extensions

Post a Comment