Starting analysis...
dark reader - dark mode for Chrome
Version 1.0.7 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has a solid user base of 60,000 users and maintains a good rating of 4.6 stars from 227 reviews, suggesting general user satisfaction. The developer website (darkreader.net) appears to be associated with the legitimate Dark Reader project, which is a well-known dark mode extension. However, the relatively low download count compared to the official Dark Reader extension (which has millions of users) raises some questions about authenticity.
The extension requests extremely broad permissions that are typical for dark mode extensions but create significant security exposure. The combination of all_urls host permissions with content script injection capabilities means this extension can read and modify content on every website you visit. While the tabs permission is somewhat justified for a dark mode extension to detect page changes, it adds another layer of potential privacy risk. The storage permission, though lower risk, allows the extension to persist data locally.
Given the high-risk permission set, consider running this extension in a separate Chrome profile dedicated to non-sensitive browsing. Before installing, verify this is the official Dark Reader extension by checking if there's a more popular version available. Monitor the extension's behavior and consider alternatives with more limited permissions if available. If you must use this extension, avoid using it while accessing sensitive websites like banking or email services. Regularly review what data the extension might be collecting through Chrome's extension management settings.
Findings
Security Analysis Details
Required Permissions:
- storage
- tabs
Host Permissions:
- <all_urls>
Embedded URLs (113 total):
| http://www.w3.org/2000/svg | http://www.w3.org/1999/xlink | |
| https://github.com/Pixabay/jQuery-tagEditor | http://code.accursoft.com/caret | |
| http://www.w3.org/1998/Math/MathML | https://chrome.google.com | |
| https://darkreader.net/contact.html | https://darkreader.net/how-it-works.html | |
| http://feross.org | https://feross.org/opensource | |
| https://addons.mozilla.org/ | https://chrome.google.com/webstore | |
| https://microsoftedge.microsoft.com/addons | https://google.com/ | |
| https://www.gstatic.com/images/branding/googlelogo | https://www.hcaptcha.com/ | |
| https://images.squarespace-cdn.com | https://allmacworld.com/blocs-free-download/ | |
| https://allmacworld.com/waves-v11-complete-download-free/ | https://allmacworld.com/3dequalizer-4-for-mac-free-download/ | |
| https://allmacworld.com/sylenth1-for-mac-free-download/ | https://allmacworld.com/synapse-audio-legend-free-download/ | |
| https://github.githubassets.com/favicon.ico | https://latexmath.bolo-app.com/render/ | |
| https://www.bankier.pl/ | https://cdn.blahdns.com/logo.png | |
| https://cdn.blahdns.com/kofi4.png | https://www.mozilla.org/ | |
| https://donate.mozilla.org/ | https://s3.castbox.fm/webstatic/images/userIcon.06c408dc.png | |
| https://cppm3144.itdhosting.de/niku/ui/uitk/images/odf.png | https://dej.rae.es | |
| https://duckduckgo.com/assets/icons/thirdparty/wikipedia.svg | https://duckduckgo.com/assets/logo_homepage.alt.v108.svg | |
| https://duckduckgo.com/assets/logo_header.alt.v108.svg | https://imgv3.fotor.com/images/background/background-image.png | |
| https://github.com | https://github.blog/wp-content/uploads/2019/03/BlogHeaders_Aligned_CHANGELOG | |
| https://i0.wp.com/user-images.githubusercontent.com/ | https://i1.wp.com/user-images.githubusercontent.com/ | |
| https://i2.wp.com/user-images.githubusercontent.com/ | https://github.githubassets.com/images/modules/site/icons/footer/github-logo.svg | |
| https://github.githubassets.com/images/modules/site/home/community-sponsor- | https://github.githubassets.com/images/modules/site/home/community-readme- | |
| https://github.githubassets.com/images/modules/site/home/community-discussions- | https://github.githubassets.com/images/modules/site/home/dependabot-merge.png | |
| https://github.githubassets.com/images/modules/site/home/dependabot-pr.png | https://github.githubassets.com/images/modules/site/home/gh-desktop.png | |
| https://github.githubassets.com/images/modules/site/home/pr-merge.png | https://github.githubassets.com/images/modules/site/home/pr-comment.png | |
| https://github.githubassets.com/images/modules/site/home/pr-description.png | https://github.githubassets.com/images/modules/site/home/pr-screen.png | |
| https://github.githubassets.com/images/modules/site/home/enterprise-city-w-logos.jpg | https://github.githubassets.com/images/modules/site/codespaces/codespaces-icon.png | |
| https://github.githubassets.com/images/modules/site/codespaces/dependency-rust.png | https://github.githubassets.com/images/modules/site/codespaces/dependency-3.png | |
| https://github.githubassets.com/images/modules/site/codespaces/dependencies- | https://github.githubassets.com/images/modules/site/codespaces/commit-3.png | |
| https://github.githubassets.com/images/modules/site/codespaces/extensions-1.png | https://github.githubassets.com/images/modules/site/codespaces/extensions-2.png | |
| https://github.githubassets.com/images/modules/site/codespaces/commit-workflow.png | https://github.githubassets.com/images/modules/site/codespaces/workflow-view.png | |
| https://github.githubassets.com/images/modules/site/codespaces/code.png | https://github.githubassets.com/images/email/explore/explore-gradient-icon.png | |
| https://raw.githubusercontent.com/github/explore/80688e429a7d4ef2fca1e82350fe8e3517d3494d/collections/learn-to-code/learn-to-code.png | https://apps.apple.com/app/ | |
| https://hypothes.is | https://www.jpl.nasa.gov/assets/images/logo_nasa_trio_white@2x.png | |
| https://postlight.com/ | https://www.minecraftskins.com/bundles/app/images/mask.png | |
| https://bi.im-g.pl/im/0/24525/m24525630.png | https://staticz.novelgames.com/style/default/common_e.5.png | |
| https://staticz.novelgames.com/style/default/common.8.png | https://docs.google.com | |
| https://forms.gle | https://pch24.pl | |
| https://www.gstatic.com/android/market_images/web/play_prism_hlock_2x.png | http://www.emcdda.europa.eu/about | |
| http://www.scp-wiki.net/local--files/component:theme/body_bg.png | https://static.senscritique.com/img/layout/icons/chevrons/chevron-size3.png?201710121789416 |
Raw Manifest
{ "name": "__MSG_name__", "icons": { "32": "assets/static/32.png", "64": "assets/static/64.png", "128": "assets/static/128.png" }, "action": { "default_title": "__MSG_title__" }, "version": "1.0.7", "background": { "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_desc__", "permissions": [ "storage", "tabs" ], "options_page": "./options.html", "default_locale": "en", "content_scripts": [ { "js": [ "control-panel.js", "dark-mode-content.js" ], "css": [ "assets/style-injector.css" ], "run_at": "document_start", "matches": [ "<all_urls>" ] } ], "host_permissions": [ "<all_urls>" ], "manifest_version": 3, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "static/*", "assets/*.svg", "assets/*.png", "assets/*.css", "assets/*.otf" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.