Extension Details
Context-Aware Verdict
The extension has extremely limited trust indicators with only 21 users and no visible developer information or company reputation. The lack of transparency regarding the author and developer details is concerning. While it maintains a 5.0 rating, this is based on an unspecified number of reviews from a very small user base, making it statistically unreliable.
The extension requests an excessive combination of powerful permissions that far exceed what would be necessary for basic image assistance functionality. The tabs permission combined with broad host permissions and content script injection capabilities creates a dangerous attack surface. The nativeMessaging permission is particularly concerning as it allows communication with native applications on the user's system, which could facilitate system-level compromise. The <all_urls> host permissions grant unrestricted access to every website, enabling potential data theft, credential harvesting, and privacy violations across all browsing activity.
Do not install this extension due to its critical risk profile. The permission set suggests potential malware rather than legitimate image assistance functionality. If image processing capabilities are needed, seek well-established alternatives from reputable developers with transparent company information and substantial user bases. If you must test this extension, use a completely isolated Chrome profile with no access to personal accounts or sensitive data, and monitor system activity closely.
Findings
Security Analysis Details
Required Permissions:
- tabs
- activeTab
- contextMenus
- notifications
- nativeMessaging
- storage
Host Permissions:
- <all_urls>
Embedded URLs (9 total):
| https://clients2.google.com/service/update2/crx | https://addons.mozilla.org/en-US/firefox/addon/790 | |
| https://github.com/Adazes/imageassistant/raw/v0.9.5.7/dist/platform/ | https://dev.opera.com/extensions/message-passing/ | |
| https://developer.chrome.com/docs/extensions/develop/concepts/native-messaging | https://wiki.mozilla.org/WebExtensions/Native_Messaging | |
| https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Native_messaging | https://docs.microsoft.com/en-us/microsoft-edge/extensions/guides/native-messaging | |
| https://adazes.com/rklm/ |
Raw Manifest
{ "name": "__MSG_ia__", "icons": { "48": "img/icon.48x48.png" }, "version": "0.9.5.7", "background": { "service_worker": "chrome/addons/ia/ImageAssistantClient.js" }, "options_ui": { "page": "options/options.html", "open_in_tab": true, "browser_style": true }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_extDescription__", "permissions": [ "tabs", "activeTab", "contextMenus", "notifications", "nativeMessaging", "storage" ], "homepage_url": "https://addons.mozilla.org/en-US/firefox/addon/790", "default_locale": "en", "content_scripts": [ { "js": [ "chrome/util/logging/Logger.js", "chrome/util/Constants.js", "chrome/util/Utilities.js", "chrome/util/StringUtilities.js", "chrome/content/overlay/js/ImageAssistantFrameClient.js" ], "matches": [ "<all_urls>" ], "all_frames": true } ], "host_permissions": [ "<all_urls>" ], "manifest_version": 3, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "img/icon.png" ] }, { "matches": [ "*://*/*" ], "resources": [ "platform/saving_launcher.json", "platform/verification/SHA256SUMS", "platform/verification/KEYS", "platform/verification/SHA256SUMS.gpg" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.