[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Web Page Downloader

Version 3.0.3.5 View in Chrome Web Store

Last scanned: about 4 hours ago

Extension Details

Rating: 4.2 ★ (199 ratings)

Users: 50,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has a moderate user base of 50,000 users and a decent rating of 4.2/5 from 199 reviews, which suggests basic functionality and user satisfaction. However, the lack of visible developer information and company details raises transparency concerns. The extension name clearly indicates its purpose as a web page downloader, which aligns with the requested permissions.

Concerns:

The extension requests extremely broad access through <all_urls> host permissions, allowing it to access and potentially monitor all websites you visit. The combination of tabs permission with broad host access creates significant privacy risks, as it can view tab information across all sites. The downloads permission, while necessary for the core functionality, could be misused to download unwanted files or access your download history. The scripting permission combined with broad host access means the extension can execute code on any website, potentially modifying content or extracting sensitive information.

Recommendations:

Given the high-risk profile, consider running this extension in a separate Chrome profile dedicated to downloading tasks. Only enable the extension when actively needed for downloading web pages, then disable it afterward. Regularly review your download folder for any unexpected files. Consider alternative solutions like browser bookmarking or built-in save features for less sensitive content. If you must use this extension, avoid using it while accessing sensitive websites like banking or personal accounts.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: downloads

This extension has the downloads permission. Can download files and access download history. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

Security Analysis Details

Required Permissions:

activeTab
tabs
scripting
sidePanel
downloads

Optional Permissions:

storage

Host Permissions:

<all_urls>

Embedded URLs (19 total):

https://chromewebstore.google.com/detail/web-page-downloader/aeojmgngnebhbjpncamiplkimkbnmpmk/support	https://chromewebstore.google.com/detail/web-page-downloader/aeojmgngnebhbjpncamiplkimkbnmpmk/reviews
http://www.w3.org/2000/svg	https://www.google.com/favicon.ico
https://clients2.google.com/service/update2/crx	https://www.7-zip.org/
https://peazip.github.io/	https://theunarchiver.com/
https://www.keka.io/en/	http://www.w3.org/1999/xhtml
https://react.dev/errors/	http://www.w3.org/1998/Math/MathML
http://www.w3.org/1999/xlink	http://www.w3.org/XML/1998/namespace
https://stuk.github.io/jszip/documentation/howto/read_zip.html	http://www.w3.org/2000/xmlns/
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd	https://tinyurl.com/y2uuvskb
http://bit.ly/2kdckMn

Raw Manifest

{
  "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTyUPl8CfSZdoX1Pi5q+MoARgDSL8dO6BuoFX+wuAxsi+tA89OhxnsH4NvdcYJGyOhbzMFdhbJ7EXsVDIhZz5i5SVSlq23iA/vXJcJfm/eJh+B/4fm3jB8ziOASZ0XshzwV8VFgXMTeOVTyV8SCs12tP2HO8yCx+4ldcqBzf7aqtJX+YtULuYsvQIvj8b58pLJwu6KsM1j9A7DFjAYNVjAZmJMzyygQSXQ/fGM9wMbqnaFtW3uKGFYJ8q3REKXZhFDiOjH9HJGvpvAfz30BFBSV9vl4IQZW9Vn+D7678mh5xsIBej05+ygS7jMNVyTRtuhsK2p3tXUz2LlQKqj9/WQIDAQAB",
  "name": "__MSG_extensionName__",
  "icons": {
    "16": "icons/16x16.png",
    "32": "icons/32x32.png",
    "48": "icons/48x48.png",
    "64": "icons/64x64.png",
    "96": "icons/96x96.png",
    "128": "icons/128x128.png",
    "256": "icons/256x256.png"
  },
  "action": {
    "default_icon": "icons/128x128.png",
    "default_title": "__MSG_extensionActionTitle__"
  },
  "version": "3.0.3.5",
  "background": {
    "type": "module",
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "__MSG_extensionDescription__",
  "permissions": [
    "activeTab",
    "tabs",
    "scripting",
    "sidePanel",
    "downloads"
  ],
  "default_locale": "en",
  "host_permissions": [
    "<all_urls>"
  ],
  "manifest_version": 3,
  "optional_permissions": [
    "storage"
  ],
  "web_accessible_resources": [
    {
      "matches": [
        "<all_urls>"
      ],
      "resources": [
        "locales/*.json"
      ]
    }
  ]
}

by ✦ Astarte

Web Page Downloader

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Optional Permissions:

Host Permissions:

Embedded URLs (19 total):

Raw Manifest

Detections

Manifest Findings