Extension Details
Rating:
3.1 ★
(15 ratings)
Users:
10,000
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
HIGH
Overall Risk
Trust Factors:
The extension has a relatively small user base of 10,000 users and a concerning rating of 3.1 out of 5 stars with only 15 reviews, suggesting user dissatisfaction. The lack of developer information and company details raises transparency concerns. The generic name "Media Downloader" without specific branding or clear developer identity is a red flag for potentially suspicious extensions.
Key Concerns:
The combination of broad host permissions (<all_urls>) with downloads capability creates significant security risks. The extension can access all websites and download files, which could be exploited for malicious purposes like unauthorized data collection or malware distribution. The activeTab permission, while common, combined with scripting capabilities allows the extension to execute code on any website you visit. The low user rating suggests the extension may not function as expected or could have problematic behavior.
Recommendations:
Given the high-risk profile, consider running this extension in a separate Chrome profile to isolate potential security threats from your main browsing environment. Before installation, verify the extension's legitimacy through official sources and read user reviews carefully. Consider alternative media downloaders from more established developers with better ratings and transparency. If you must use this extension, regularly monitor your downloads folder for unexpected files and be cautious about which websites you visit while it's active. Consider uninstalling if you notice any suspicious behavior or unexpected downloads.
Findings
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
HIGH
High-Risk Permission: downloads
This extension has the downloads permission. Can download files and access download history. This could potentially be used maliciously to compromise security or privacy.
MEDIUM
Medium-Risk Permission: activeTab
This extension has the activeTab permission. Can access the active tab when clicking the extension icon.
MEDIUM
Medium-Risk Permission: contextMenus
This extension has the contextMenus permission. Can add items to the context menu.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
Security Analysis Details
Required Permissions:
- activeTab
- sidePanel
- downloads
- scripting
- storage
- contextMenus
Host Permissions:
- https://www.gstatic.com/
- <all_urls>
Content Security Policy:
- extension_pages: script-src 'self'; object-src 'self'
- sandbox: sandbox allow-scripts
Embedded URLs (161 total):
| https://registry.npmjs.org/@discoveryjs/json-ext/-/json-ext-0.5.7.tgz | https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.5.tgz | |
| https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz | https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.2.1.tgz | |
| https://registry.npmjs.org/@jridgewell/source-map/-/source-map-0.3.6.tgz | https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.0.tgz | |
| https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz | https://registry.npmjs.org/@types/chrome/-/chrome-0.0.272.tgz | |
| https://registry.npmjs.org/@types/estree/-/estree-1.0.6.tgz | https://registry.npmjs.org/@types/filesystem/-/filesystem-0.0.36.tgz | |
| https://registry.npmjs.org/@types/filewriter/-/filewriter-0.0.33.tgz | https://registry.npmjs.org/@types/har-format/-/har-format-1.2.15.tgz | |
| https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz | https://registry.npmjs.org/@types/node/-/node-22.7.4.tgz | |
| https://registry.npmjs.org/@webassemblyjs/ast/-/ast-1.12.1.tgz | https://registry.npmjs.org/@webassemblyjs/floating-point-hex-parser/-/floating-point-hex-parser-1.11.6.tgz | |
| https://registry.npmjs.org/@webassemblyjs/helper-api-error/-/helper-api-error-1.11.6.tgz | https://registry.npmjs.org/@webassemblyjs/helper-buffer/-/helper-buffer-1.12.1.tgz | |
| https://registry.npmjs.org/@webassemblyjs/helper-numbers/-/helper-numbers-1.11.6.tgz | https://registry.npmjs.org/@webassemblyjs/helper-wasm-bytecode/-/helper-wasm-bytecode-1.11.6.tgz | |
| https://registry.npmjs.org/@webassemblyjs/helper-wasm-section/-/helper-wasm-section-1.12.1.tgz | https://registry.npmjs.org/@webassemblyjs/ieee754/-/ieee754-1.11.6.tgz | |
| https://registry.npmjs.org/@webassemblyjs/leb128/-/leb128-1.11.6.tgz | https://registry.npmjs.org/@webassemblyjs/utf8/-/utf8-1.11.6.tgz | |
| https://registry.npmjs.org/@webassemblyjs/wasm-edit/-/wasm-edit-1.12.1.tgz | https://registry.npmjs.org/@webassemblyjs/wasm-gen/-/wasm-gen-1.12.1.tgz | |
| https://registry.npmjs.org/@webassemblyjs/wasm-opt/-/wasm-opt-1.12.1.tgz | https://registry.npmjs.org/@webassemblyjs/wasm-parser/-/wasm-parser-1.12.1.tgz | |
| https://registry.npmjs.org/@webassemblyjs/wast-printer/-/wast-printer-1.12.1.tgz | https://registry.npmjs.org/@webpack-cli/configtest/-/configtest-2.1.1.tgz | |
| https://registry.npmjs.org/@webpack-cli/info/-/info-2.0.2.tgz | https://registry.npmjs.org/@webpack-cli/serve/-/serve-2.0.5.tgz | |
| https://registry.npmjs.org/@xtuc/ieee754/-/ieee754-1.2.0.tgz | https://registry.npmjs.org/@xtuc/long/-/long-4.2.2.tgz | |
| https://registry.npmjs.org/acorn/-/acorn-8.12.1.tgz | https://registry.npmjs.org/acorn-import-attributes/-/acorn-import-attributes-1.9.5.tgz | |
| https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz | https://github.com/sponsors/epoberezkin | |
| https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-3.5.2.tgz | https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz | |
| https://github.com/chalk/ansi-styles?sponsor=1 | https://registry.npmjs.org/braces/-/braces-3.0.3.tgz | |
| https://registry.npmjs.org/browserslist/-/browserslist-4.24.0.tgz | https://opencollective.com/browserslist | |
| https://tidelift.com/funding/github/npm/browserslist | https://github.com/sponsors/ai | |
| https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz | https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001664.tgz | |
| https://tidelift.com/funding/github/npm/caniuse-lite | https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz | |
| https://github.com/chalk/chalk?sponsor=1 | https://registry.npmjs.org/chrome-trace-event/-/chrome-trace-event-1.0.4.tgz | |
| https://registry.npmjs.org/clone-deep/-/clone-deep-4.0.1.tgz | https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz | |
| https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz | https://registry.npmjs.org/colorette/-/colorette-2.0.20.tgz | |
| https://registry.npmjs.org/commander/-/commander-2.20.3.tgz | https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz | |
| https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.29.tgz | https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.17.1.tgz | |
| https://registry.npmjs.org/envinfo/-/envinfo-7.14.0.tgz | https://registry.npmjs.org/es-module-lexer/-/es-module-lexer-1.5.4.tgz | |
| https://registry.npmjs.org/escalade/-/escalade-3.2.0.tgz | https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz | |
| https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz | https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz | |
| https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz | https://registry.npmjs.org/events/-/events-3.3.0.tgz | |
| https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz | https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz | |
| https://registry.npmjs.org/fastest-levenshtein/-/fastest-levenshtein-1.0.16.tgz | https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz | |
| https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz | https://registry.npmjs.org/flat/-/flat-5.0.2.tgz | |
| https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz | https://github.com/sponsors/ljharb | |
| https://registry.npmjs.org/glob-to-regexp/-/glob-to-regexp-0.4.1.tgz | https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz | |
| https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz | https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz |
Page 1 of 3
Raw Manifest
{ "name": "Media Downloader", "icons": { "16": "/images/icon16.png", "48": "/images/icon48.png", "128": "/images/icon128.png" }, "action": { "default_icon": { "16": "/images/icon16.png", "48": "/images/icon48.png", "128": "/images/icon128.png" } }, "author": "Dawid Jeż", "version": "2.1.0", "background": { "service_worker": "/dist/background/background.bundle.js" }, "side_panel": { "default_path": "/views/downloader.html" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Browse and download images, video and audio on a web page.", "permissions": [ "activeTab", "sidePanel", "downloads", "scripting", "storage", "contextMenus" ], "options_page": "/views/options.html", "host_permissions": [ "https://www.gstatic.com/", "<all_urls>" ], "manifest_version": 3, "minimum_chrome_version": "116", "content_security_policy": { "sandbox": "sandbox allow-scripts", "extension_pages": "script-src 'self'; object-src 'self'" }, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "/css/*", "/icons/*", "/images/*", "/views/changelog.html", "/views/options.html" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
Loading Secure Annex data...
Unable to load Secure Annex data.
This extension may not yet be analyzed by Secure Annex.
Detections
0Critical
0
High
0
Medium
0
Low
0
Has Verdicts
Yes
Manifest Findings
0Critical
0
High
0
Medium
0
Low
0
Secure Annex analyzed version: -