what font - find font
Version 5.4.6 View in Chrome Web Store
Last scanned: 11 days ago
| force re-scan
Extension Details
Rating:
4.4 ★
(94 ratings)
Size:
141KiB
Last Updated:
September 5, 2024
Users:
1,000,000
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
HIGH
Risk Level
Trust Factors:
- The extension has a large user base of 1,000,000 users, which suggests some level of trust and popularity.
- The rating of 4.4 out of 5 stars from 94 reviews indicates generally positive user experiences.
- However, the lack of developer information or a company reputation makes it difficult to fully assess the trustworthiness of the extension.
Concerns:
- The extension requests broad host permissions (<all_urls>) and can inject content scripts into any website, raising privacy and security concerns.
- The unlimitedStorage permission allows the extension to store an unlimited amount of data locally, which could potentially be misused to store sensitive user data.
- The activeTab permission grants access to the active tab, which could be exploited to capture sensitive information or perform unauthorized actions.
Recommendations:
- Exercise caution when using this extension, as it has broad permissions that could potentially compromise your privacy and security.
- Consider running the extension in a separate Chrome profile or an incognito window to isolate its activities from your main browsing session.
- Regularly review the extension's permissions and activities, and uninstall it if you notice any suspicious behavior or if you no longer need its functionality.
- Look for alternative extensions with similar functionality but more transparent developer information and more limited permissions.
Security Analysis
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
Overall Risk
Based on 5 total findings, ranked without considering overall context, including 2 high-risk and 3 medium-risk findings.
HIGH
Broad Content Script Injection
This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.
HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
MEDIUM
Medium-Risk Permission: activeTab
This extension has the activeTab permission. Can access the active tab when clicking the extension icon.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
MEDIUM
Medium-Risk Permission: unlimitedStorage
This extension has the unlimitedStorage permission. Can store unlimited data locally.
Security Analysis Details
Required Permissions:
- scripting
- storage
- unlimitedStorage
- activeTab
Host Permissions:
- <all_urls>
Embedded URLs (12 total):
| http://fontfind.net/uninstall/ | http://www.google.com/webfonts/family?family= | |
| http://fontdeck.com/api/v1/project-info?project= | http://fontdeck.com/search?q= | |
| http://www.w3.org/2000/svg | http://www.w3.org/1999/xhtml | |
| http://html2canvas.appspot.com/ | https://sizzlejs.com/ | |
| http://jquery.org/license | https://jquery.com/ | |
| https://jquery.org/license | https://clients2.google.com/service/update2/crx |
Raw Manifest
{ "name": "__MSG_name__", "icons": { "48": "icon/icon48.png", "96": "icon/icon96.png", "128": "icon/icon128.png", "256": "icon/icon256.png" }, "action": { "default_icon": { "76": "icon/icon76.png", "96": "icon/icon96.png", "128": "icon/icon128.png", "256": "icon/icon256.png" }, "default_title": "WhatFont" }, "version": "5.4.6", "background": { "service_worker": "background.js" }, "short_name": "WhatFont", "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_description__", "permissions": [ "scripting", "storage", "unlimitedStorage", "activeTab" ], "options_page": "option.html", "version_name": "5.4.6", "default_locale": "en", "content_scripts": [ { "js": [ "libs/jquery.js", "chrome.js", "libs/html2canvas.min.js" ], "run_at": "document_start", "matches": [ "<all_urls>" ], "all_frames": true } ], "host_permissions": [ "<all_urls>" ], "manifest_version": 3, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "style.css", "in.css", "icon/*.png" ] } ] }
Secure Annex (beta)
Coming soon...