Extension Details
Context-Aware Verdict
The extension has a modest user base of 6,000 users with a decent 4.0-star rating from 50 reviews, which provides some community validation. However, the lack of developer information and missing last updated date raises transparency concerns. The simple name "Change Colors" suggests a straightforward utility function, but the extensive permissions don't align with this basic purpose.
The extension requests extremely broad permissions that far exceed what would be necessary for a color-changing tool. The combination of tabs, webNavigation, and all_urls permissions creates a surveillance capability that could track your entire browsing activity across all websites. The content script injection on all URLs means this extension can read and modify any webpage you visit, potentially capturing passwords, personal information, or financial data. The use of Manifest V2 indicates outdated security standards, making it more vulnerable to exploitation.
Do not install this extension due to its critical risk level. If color customization is needed, look for alternatives with minimal permissions that only request access to specific sites or use activeTab permission. If you must use this extension, run it in a completely separate Chrome profile isolated from your main browsing activities, banking, or any sensitive accounts. Consider browser-native accessibility features or well-established extensions from verified developers instead.
Findings
Security Analysis Details
Required Permissions:
- tabs
- webNavigation
- http://*/*
- https://*/*
- <all_urls>
Embedded URLs (10 total):
| https://github.com/Strav/Change-Colors | http://www.openjs.com/scripts/events/keyboard_shortcuts/ | |
| http://www.lalit.org/lab/jsoncookies | http://creativecommons.org/licenses/by-sa/2.5/ | |
| http://www.gnu.org/copyleft/lesser.html | http://odvarko.cz | |
| http://jscolor.com | https://clients2.google.com/service/update2/crx | |
| http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd | http://www.w3.org/1999/xhtml |
Raw Manifest
{ "name": "Change Colors", "icons": { "16": "icons/colors_icons.png", "32": "icons/colors_icons.png", "48": "icons/colors_icons.png", "128": "icons/colors_icons.png" }, "version": "2.244", "background": { "scripts": [ "background_page.js" ], "persistent": false }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Change pages styling according to the user's preferences.", "page_action": { "default_icon": "icons/colors_icons.png", "default_popup": "popup.html", "default_title": "Change Colors" }, "permissions": [ "tabs", "webNavigation", "http://*/*", "https://*/*", "<all_urls>" ], "options_page": "options.html", "content_scripts": [ { "js": [ "convert.js" ], "run_at": "document_start", "matches": [ "<all_urls>" ], "all_frames": true } ], "manifest_version": 2, "minimum_chrome_version": "33.0" }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.