Extension Details
Context-Aware Verdict
The extension has very limited adoption with only 753 users and just 3 reviews, despite having a perfect 5.0 rating. The developer appears to be associated with consider.com, which suggests some level of legitimacy. However, the small user base and minimal review history make it difficult to establish strong trust indicators. The extension uses Manifest V3, which is positive from a security standpoint.
The extension requests unnecessarily broad permissions for what appears to be a professional networking or career-related tool. The cookies permission is particularly concerning as it allows access to and modification of browser cookies, which could compromise user privacy and security. The broad host permissions create potential for data collection beyond the stated purpose. Access to LinkedIn specifically raises privacy concerns about professional data harvesting. The activeTab permission, while common, adds another layer of access that may not be essential for the extension's core functionality.
Given the high-risk profile, consider running this extension in a separate Chrome profile to isolate it from your primary browsing activities and sensitive accounts. Before installation, carefully review what specific functionality the extension provides to determine if the extensive permissions are justified. Monitor the extension's behavior after installation and revoke permissions if possible through Chrome's extension settings. Consider alternative extensions with similar functionality but more limited permission requests. Given the low user adoption, you might want to wait for broader community validation before trusting it with sensitive data access.
Findings
Security Analysis Details
Required Permissions:
- activeTab
- scripting
- cookies
- storage
- alarms
Host Permissions:
- https://consider.com/*
- https://www.linkedin.com/*
Content Security Policy:
- extension_pages: default-src 'self' https://dev.consider.com:5000/ https://consider.com/ https://consider.com/ https://*.licdn.com/; script-src 'self'; connect-src 'self' https://www.linkedin.com/ https://*.licdn.com/ https://consider.com/ https://dev.consider.com:5000/; style-src 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline'; img-src https://*.cloudfront.net/ https://*.licdn.com/ data: 'self' 'unsafe-inline'
Embedded URLs (31 total):
| https://consider.com | https://www.linkedin.com | |
| https://www.linkedin.com/voyager/api/relationships/connections?count=1&start=0 | https://www.linkedin.com/in/ | |
| https://linkedin.com/in/ | https://www.linkedin.com/voyager/api/relationships/connections? | |
| https://consider.com/api/mini-profiles-network | https://www.linkedin.com/voyager/api/graphql?includeWebMetadata=true&variables= | |
| https://consider.com/extension/add-contact | https://reactjs.org/docs/error-decoder.html?invariant= | |
| http://www.w3.org/1999/xlink | http://www.w3.org/XML/1998/namespace | |
| http://www.w3.org/1999/xhtml | http://www.w3.org/2000/svg | |
| http://www.w3.org/1998/Math/MathML | https://fb.me/react-polyfills | |
| https://github.com/webpack-contrib/style-loader#insertat | http://fb.me/use-check-prop-types | |
| https://consider.com/extension/add-mini-profiles | https://consider.com/extension/add-talent | |
| https://consider.com/api/save-li-talent | https://consider.com/api/save-profile | |
| https://consider.com/projects/ | https://consider.com/talent?profileId= | |
| https://consider.com/login | https://www.linkedin.com/login | |
| https://clients2.google.com/service/update2/crx | https://consider.com/ | |
| https://www.linkedin.com/ | https://dev.consider.com:5000/ | |
| https://sketchapp.com |
Raw Manifest
{ "name": "Consider", "icons": { "16": "assets/img/icon16.png", "24": "assets/img/icon24.png", "32": "assets/img/icon32.png", "48": "assets/img/icon48.png", "128": "assets/img/icon128.png" }, "action": { "default_icon": { "16": "assets/img/icon16.png", "24": "assets/img/icon24.png", "32": "assets/img/icon32.png", "48": "assets/img/icon48.png", "128": "assets/img/icon128.png" }, "default_popup": "index.html", "default_title": "Consider" }, "version": "2.5.14", "background": { "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Recruiting Platform", "permissions": [ "activeTab", "scripting", "cookies", "storage", "alarms" ], "content_scripts": [ { "js": [ "consider.js" ], "matches": [ "*://*.consider.com/*" ] } ], "host_permissions": [ "https://consider.com/*", "https://www.linkedin.com/*" ], "manifest_version": 3, "content_security_policy": { "extension_pages": "default-src 'self' https://dev.consider.com:5000/ https://consider.com/ https://consider.com/ https://*.licdn.com/; script-src 'self'; connect-src 'self' https://www.linkedin.com/ https://*.licdn.com/ https://consider.com/ https://dev.consider.com:5000/; style-src 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline'; img-src https://*.cloudfront.net/ https://*.licdn.com/ data: 'self' 'unsafe-inline'" } }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.