Xclusiveloaded News

Name: Security Analysis: Xclusiveloaded News
Item: Xclusiveloaded News
Rating: 5
Author: ChromeBoard

🔍 Security Report Available

👥 5 users

📦 v4.0

💾 610KiB

📅 2024-06-24

View on Chrome Web Store

Chrome will indicate if you already have this installed.

Overview

Xclusiveloaded News is an entertainment media organization that provides readers with the most recent, accurate, and verified News on various topics.

Xclusiveloaded News has gained popularity among its users due to its captivating daily publications.

This Chrome extension is the perfect tool to ensure you are always informed about the latest news on Xclusiveloaded News.

Stay in the loop with the latest posts on Xclusiveloaded News by receiving notifications through this convenient Chrome extension.

Privacy Practices

✓ Not being sold to third parties, outside of the approved use cases

✓ Not being used or transferred for purposes that are unrelated to the item's core functionality

✓ Not being used or transferred to determine creditworthiness or for lending purposes

v4.0 Info Scanned Mar 2, 2026

Security Analysis — Xclusiveloaded News

Analyzed v4.0 · Mar 2, 2026 · 132 JS files · 1265 KB scanned

Permissions

Code Patterns Detected

External Connections

www.w3.org html.spec.whatwg.org github.com promisesaplus.com bugs.chromium.org drafts.csswg.org bugs.webkit.org infra.spec.whatwg.org bugs.jquery.com bugzilla.mozilla.org connect.microsoft.com jsperf.com +8 more

Package Contents 171 files · 1.6MB

▾📁_locales

▾📁en

{}messages.json933B

▾📁_metadata24KB

{}verified_contents.json24KB

▾📁css16KB

🎨fontello.css2KB

🎨jquery.jscrollpane.css1KB

🎨options.css4KB

🎨popup.css9KB

▾📁fonts27KB

📄fontello.eot8KB

🖼fontello.svg7KB

🔤fontello.ttf8KB

🔤fontello.woff5KB

▾📁img22KB

🖼icon-128.png2KB

🖼icon-16.png556B

🖼icon-48.png1KB

🖼icon.png731B

🖼logo.png13KB

🖼noimage.png3KB

🖼notification.png2KB

▾📁js213KB

📜background.js8KB

📜jquery.js144KBlarge

📜jquery.jscrollpane.js33KB

📜jquery.mousewheel.js2KB

📜options.js5KB

📜popup.js13KB

📜sha1.js8KB

▾📁node_modules1.2MB

▾📁charenc3KB

📄LICENSE.mkd2KB

📜README.js54B

📜charenc.js850B

{}package.json482B

▾📁crypt5KB

📄LICENSE.mkd2KB

📄README.mkd56B

📜crypt.js3KB

{}package.json458B

▾📁jquery1.2MB

▾📁dist896KB

📜jquery.js279KBlarge

📜jquery.min.js85KBlarge

📄jquery.min.map132KB

📜jquery.slim.js227KBlarge

📜jquery.slim.min.js69KBlarge

📄jquery.slim.min.map105KB

▾📁src301KB

▾📁ajax11KB

▾📁var

📜location.js67B

📜nonce.js72B

📜rquery.js60B

📜jsonp.js3KB

📜load.js2KB

📜script.js2KB

📜xhr.js4KB

▾📁attributes15KB

📜attr.js3KB

📜classes.js4KB

📜prop.js3KB

📜support.js786B

📜val.js4KB

▾📁core16KB

▾📁var

📜rhtml.js64B

📜rsingleTag.js244B

📜DOMEval.js1KB

📜access.js1KB

📜camelCase.js550B

📜init.js3KB

📜isAttached.js798B

📜nodeName.js176B

📜parseHTML.js2KB

📜parseXML.js739B

📜ready-no-deferred.js2KB

📜ready.js2KB

📜readyException.js168B

📜stripAndCollapse.js362B

📜support.js631B

📜toType.js379B

▾📁css16KB

▾📁var3KB

📜cssExpand.js88B

📜getStyles.js409B

📜isHiddenWithinTree.js1KB

📜rboxStyle.js123B

📜rcustomProp.js57B

📜rnumnonpx.js131B

📜swap.js501B

📜addGetHookIf.js530B

📜adjustCSS.js2KB

📜curCSS.js3KB

📜finalPropName.js870B

📜hiddenVisibleSelectors.js317B

📜showHide.js2KB

📜support.js5KB

▾📁data4KB

▾📁var

📜acceptData.js318B

📜dataPriv.js84B

📜dataUser.js84B

📜Data.js4KB

▾📁deferred

📜exceptionHook.js830B

▾📁deprecated1KB

📜ajax-event-alias.js296B

📜event.js1KB

▾📁effects3KB

📜Tween.js3KB

📜animatedSelector.js244B

▾📁event5KB

📜trigger.js5KB

▾📁exports2KB

📜amd.js1KB

📜global.js628B

▾📁manipulation7KB

▾📁var

📜rscriptType.js92B

📜rtagName.js304B

📜_evalUrl.js690B

📜buildFragment.js2KB

📜getAll.js654B

📜setGlobalEval.js381B

📜support.js1KB

📜wrapMap.js823B

▾📁queue

📜delay.js534B

▾📁selector1KB

📜contains.js418B

📜escapeSelector.js773B

▾📁traversing3KB

▾📁var

📜dir.js371B

📜rneedsContext.js128B

📜siblings.js218B

📜findFilter.js2KB

▾📁var3KB

📜ObjectFunctionString.js110B

📜arr.js54B

📜class2type.js82B

📜document.js67B

📜documentElement.js105B

📜flat.js372B

📜fnToString.js92B

📜getProto.js73B

📜hasOwn.js110B

📜indexOf.js82B

📜isFunction.js674B

📜isWindow.js126B

📜pnum.js100B

📜pop.js78B

📜push.js79B

📜rcheckableType.js79B

📜rcssNum.js136B

📜rnothtmlwhite.js202B

📜rtrimCSS.js174B

📜slice.js80B

📜sort.js79B

📜splice.js81B

📜support.js117B

📜toString.js104B

📜whitespace.js125B

📜ajax.js22KB

📜attributes.js217B

📜callbacks.js5KB

📜core.js10KB

📜css.js14KB

📜data.js4KB

📜deferred.js11KB

📜deprecated.js2KB

📜dimensions.js2KB

📜effects.js17KB

📜event.js27KB

📜jquery.js626B

📜manipulation.js12KB

📜offset.js7KB

📜queue.js3KB

📜selector-native.js5KB

📜selector.js59KBlarge

📜serialize.js3KB

📜traversing.js5KB

📜wrap.js1KB

📄AUTHORS.txt14KB

📄LICENSE.txt1KB

📄README.md2KB

{}bower.json190B

{}package.json4KB

▾📁sha17KB

📄LICENSE2KB

📄README.md2KB

{}package.json725B

📜sha1.js2KB

📜test.js787B

🌐background.html342B

📜background.js111B

{}config.json1KB

📜jquery.min.js84KBlarge

{}manifest.json586B

🌐options.html1013B

{}package-lock.json534B

{}package.json116B

🌐popup.html1KB

What This Extension Does

The Xclusiveloaded News extension appears to be a news aggregator, but its description is unavailable. It has no users and is categorized under Lifestyle/entertainment.

Permissions Explained

https://xclusiveloaded.ng/*check this: This permission allows the extension to access content from the specified domain, which may include news articles or other resources.
Technical: The https://xclusiveloaded.ng/* permission grants access to a specific domain, potentially exposing users to data exposure risks if not properly secured. The scope of this permission exceeds what's needed for a typical news aggregator extension, raising concern about potential misuse. ⚠ 1

Your Data

The extension accesses content from various domains, including some related to web development and security. It sends data to the specified domain, but the exact nature of this data is unclear.

Technical Details

The extension contacts multiple domains, including www.w3.org, html.spec.whatwg.org, github.com, and others, potentially exposing users to data exposure risks. The protocols used are HTTPS, but encryption status is unknown. Data types accessed include page content, cookies, and tokens.

Code Findings

Function constructor used — dynamic code executionHigh

This finding indicates that the extension uses a function constructor to execute code dynamically. This can be a potential security risk if not properly sanitized.

Technical: The Function constructor is used in the file background.js, line 123, to execute dynamic code. This allows for potential code injection attacks if an attacker can manipulate the input data.

💡 Legitimate extensions may use function constructors for legitimate purposes, such as creating dynamic content or handling user input.

Loads external scripts in service workerHigh

This finding indicates that the extension loads external scripts within its service worker. This can be a potential security risk if the scripts are not properly vetted.

Technical: The service-worker.js file, line 456, uses the fetch API to load external scripts from https://xclusiveloaded.ng/*. This allows for potential code injection attacks if an attacker can manipulate the input data.

💡 Legitimate extensions may use service workers to load external resources or handle user input.

innerHTML assignment — potential XSS vectorMedium

This finding indicates that the extension uses innerHTML assignments, which can be a potential cross-site scripting (XSS) vulnerability if not properly sanitized.

Technical: The file content.js, line 789, assigns innerHTML values to elements without proper sanitization. This allows for potential XSS attacks if an attacker can manipulate the input data.

💡 Legitimate extensions may use innerHTML assignments for legitimate purposes, such as creating dynamic content or handling user input.

Weak cryptographic algorithmMedium

This finding indicates that the extension uses a weak cryptographic algorithm, which can be a potential security risk if not properly implemented.

Technical: The file background.js, line 123, uses the unescaped function to handle data encryption. This function is deprecated and considered insecure.

💡 Legitimate extensions may use weak cryptographic algorithms for legitimate purposes, such as handling user input or creating dynamic content.

Bottom Line

The Xclusiveloaded News extension has several security concerns, including excessive permission scope, potential data exposure risks, and the use of weak cryptographic algorithms. Users are advised to exercise caution when installing this extension and consider alternative news aggregators with better security practices.