Extension Details
Context-Aware Verdict
The extension has a modest user base of 2,000 users with a decent rating of 4.1 stars from 41 reviews, suggesting some level of user satisfaction. However, several trust factors are concerning: the extension name appears to be in Hebrew (יואל גבע), but there's no clear description of what the extension does, no author information provided, and no developer details available. The lack of transparency about the extension's purpose and creator significantly reduces trustworthiness.
The most significant concern is the overly broad permissions for an extension with an unclear purpose. The combination of http://*/* and https://*/* permissions with content script injection means this extension can access and modify content on every website you visit. The storage and unlimitedStorage permissions allow it to store unlimited data locally, which could be used to collect and retain browsing information. The use of Manifest V2 indicates outdated security standards. The complete absence of a meaningful description makes it impossible to determine if these extensive permissions are justified.
Given the broad permissions and lack of transparency, consider running this extension in a separate Chrome profile if you must use it. Better yet, try to identify what specific functionality you need and find a more transparent alternative. Contact the developer for clarification about the extension's purpose before continued use. Monitor your browsing behavior for any unusual activity while this extension is active.
Findings
Security Analysis Details
Required Permissions:
- storage
- unlimitedStorage
- http://*/*
- https://*/*
Embedded URLs (7 total):
| https://www.geva.co.il/?utm_source=Chrome-ext&utm_medium=Referral | https://campus.geva.co.il/Login/lostPassword.php | |
| https://clients2.google.com/service/update2/crx | https://fonts.googleapis.com/css?family=Open+Sans | |
| https://campus.geva.co.il/ajax/vocab/getStudentWords.php | https://campus.geva.co.il/ajax/vocab/getFullWordsList.php | |
| https://campus.geva.co.il/ajax/user/mobile-login.php |
Raw Manifest
{ "name": "יואל גבע", "icons": { "8": "images/8x8_y.png", "32": "images/32x32_y.png", "64": "images/64x64_y.png", "128": "images/128x128_y.png", "256": "images/256x256_y.png", "512": "images/512x512_y.png" }, "version": "3.1", "background": { "scripts": [ "scripts/eventpage.js" ], "persistent": false }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "הצגת ערכים מילוניים", "permissions": [ "storage", "unlimitedStorage", "http://*/*", "https://*/*" ], "browser_action": { "default_icon": { "8": "images/8x8_g.png", "32": "images/32x32_g.png", "64": "images/64x64_g.png", "128": "images/128x128_g.png", "256": "images/256x256_g.png", "512": "images/512x512_g.png" }, "default_popup": "html/options.html" }, "content_scripts": [ { "js": [ "scripts/contentscript.js" ], "run_at": "document_idle", "matches": [ "http://*/*", "https://*/*" ], "all_frames": false } ], "manifest_version": 2, "web_accessible_resources": [ "scripts/script.js", "css/style.css", "images/icon_small_logo.png", "images/icon_volume.png" ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.