Extension Details
Context-Aware Verdict
The extension has a relatively small user base of 5,000 users with a decent rating of 4.2 stars, though based on only 13 reviews which limits confidence in the rating. The lack of visible developer information and company details reduces transparency and accountability. The extension's purpose appears to be opening pages in Chromium browser, which is a legitimate use case.
The extension requests several powerful permissions that seem excessive for its stated functionality. The tabs permission allows manipulation of browser tabs and access to sensitive browsing information. The broad content script injection across all URLs is particularly concerning as it enables the extension to read and modify content on every website you visit, including sensitive sites like banking or email platforms. The nativeMessaging permission allows communication with external applications, which could be exploited for malicious purposes. The storage permission, while less critical, allows persistent data collection.
Given the high-risk permissions and limited transparency about the developer, consider running this extension in a separate Chrome profile to isolate potential security risks from your main browsing activities. Before installation, verify that these extensive permissions are truly necessary for the extension's core functionality. Monitor the extension's behavior closely and consider alternatives with more limited permission requests. If you must use this extension, avoid using it while accessing sensitive websites or personal accounts.
Findings
Security Analysis Details
Required Permissions:
- storage
- tabs
- contextMenus
- nativeMessaging
Optional Permissions:
- downloads
Embedded URLs (17 total):
| https://clients2.google.com/service/update2/crx | https://webextension.org/listing/open-in.html?from=chromium | |
| https://www.google.com/ | https://bing.com/ | |
| https://peter.sh/experiments/chromium-command-line-switches/ | https://github.com/andy-portmen/open-in/issues/42 | |
| https://www.google | https://github.com/andy-portmen/native-client/releases | |
| https://github.com/andy-portmen/native-client | https://www.chromium.org/for-testers/enable-logging | |
| https://developer.mozilla.org/docs/Tools/Browser_Console | https://www.youtube.com/watch?v=yZAoy8SOd7o | |
| https://www.youtube.com/watch?v=2asPoW2gJ-c | https://api.github.com/repos/andy-portmen/native-client/releases/latest | |
| http://www.w3.org/2000/svg | http://www.w3.org/1999/xlink | |
| http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd |
Raw Manifest
{ "name": "Open in Chromium Browser", "icons": { "16": "data/icons/16.png", "32": "data/icons/32.png", "48": "data/icons/48.png", "64": "data/icons/64.png", "128": "data/icons/128.png", "256": "data/icons/256.png", "512": "data/icons/512.png" }, "action": {}, "storage": { "managed_schema": "schema.json" }, "version": "0.2.4", "commands": { "_execute_action": {} }, "background": { "service_worker": "worker.js" }, "options_ui": { "page": "data/options/index.html", "open_in_tab": true }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Open the current tab or all tabs in Chromium browser or send links to Chromium from right-click context menu.", "permissions": [ "storage", "tabs", "contextMenus", "nativeMessaging" ], "homepage_url": "https://webextension.org/listing/open-in.html?from=chromium", "content_scripts": [ { "js": [ "data/script/isolated.js" ], "world": "ISOLATED", "run_at": "document_start", "matches": [ "<all_urls>" ], "all_frames": true, "match_about_blank": true }, { "js": [ "data/script/main.js" ], "world": "MAIN", "run_at": "document_start", "matches": [ "<all_urls>" ], "all_frames": true, "match_about_blank": true } ], "manifest_version": 3, "optional_permissions": [ "downloads" ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.