If you've ever been responsible for browser security at a company, you probably used CRXcavator. Duo Security built it, Cisco acquired Duo, and then quietly killed CRXcavator in 2023. No replacement. No migration path. Just gone. That left a gap. Your options today are Spin.AI (starting at $5,000/year with enterprise minimums) or doing it manually — downloading each extension, unzipping the CRX file, reading the manifest.json, and trying to figure out what <all_urls> actually means for your attack surface. Neither option works well if you're a security engineer at a mid-size company, a consultant doing vendor assessments, or an IT admin who just needs to know which of the 47 extensions installed across your org can read every website your employees visit. What Made CRXcavator Useful CRXcavator did one thing really well: it took a Chrome extension ID, pulled apart the CRX package, and told you exactly what permissions the extension had and how risky they were.…