Bitwarden Chrome extension - data sharing

CRXcavator is an automated Chrome extension security assessment tool, created by Duo Security (Cisco), that assigns risk scores to Chrome extensions based on an objective set of criteria.

The Bitwarden extension doesn’t do well. It has one critical-risk and four high-risk issues.

These can’t be fixed as there’s nothing wrong. The site is just showing that the extension has access to a lot of browser APIs, so if it were to become malicious it could do a lot of damage to you personally.

Ex: without “Gives your extension access to run on all ‘https’ sites.” you wouldn’t be able to use Bitwarden on any HTTPS sites.


Dear @Dark_Arc. In each of these five cases it would be helpful though to understand what data gets exchanged, through what means, and if these data are encrypted.


If you look at the scans for other password managers on the site, Bitwarden is either similar or significantly lower. When compared to 1Password it is half the risk score, or LastPass is similar in the Permissions category but also has other high-risk categories where Bitwarden does not.
Even so, it would be nice to know what info runs through those interfaces.