[ new scan ] [ statistics ] [ github ] [ twitter ]

Fake Filler

Version 4.1.0 View in Chrome Web Store

Last scanned: about 1 month ago | force re-scan

Extension Details

Developer: fakefiller.com

Rating: 4.4 ★ (757 ratings)

Size: 536KiB

Last Updated: August 3, 2024

Users: 400,000

Context-Aware Verdict

HIGH

Risk Level

Trust Factors:

- The extension has a relatively high number of users (400,000), which could indicate some level of trust and popularity.

- The developer has a website (fakefiller.com), which adds some legitimacy.

- The rating is decent (4.4 out of 5), suggesting that many users find the extension useful.

Concerns:

- The extension has the ability to inject scripts into any website (broad content script injection), which poses a significant privacy and security risk.

- The "contextMenus" permission allows the extension to add items to the context menu, which could be used for malicious purposes.

- The "activeTab" permission grants access to the active tab, potentially exposing sensitive information.

- The "storage" permission allows the extension to store data locally, which could be a privacy concern if the data is not properly secured.

Recommendations:

- Exercise caution when using this extension, as it has broad permissions and the ability to inject scripts into any website.

- Consider running the extension in a separate Chrome profile or a sandboxed environment to mitigate potential risks.

- Review the extension's privacy policy and terms of service to understand how your data is being handled.

- Monitor the extension's behavior and uninstall it if you notice any suspicious activities.

- Consider using alternative extensions with more limited permissions or from reputable sources if possible.

Security Analysis

MEDIUM

Overall Risk

Based on 4 total findings, ranked without considering overall context, including 1 high-risk and 3 medium-risk findings.

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Medium-Risk Permission: contextMenus

This extension has the contextMenus permission. Can add items to the context menu.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Security Analysis Details

Required Permissions:

contextMenus
activeTab
storage
scripting

Embedded URLs (45 total):

https://github.com/FakeFiller/fake-filler-extension/wiki/Keyboard-Shortcuts	http://momentjs.com/docs/#/displaying/format/
http://fent.github.io/randexp.js/	http://www.w3.org/2000/svg
https://mths.be/cssesc	http://momentjs.com/guides/#/warnings/define-locale/
http://momentjs.com/guides/#/warnings/js-date/	http://momentjs.com/guides/#/warnings/min-max/
http://momentjs.com/guides/#/warnings/add-inverted-param/	http://momentjs.com/guides/#/warnings/zone/
http://momentjs.com/guides/#/warnings/dst-shifted/	https://github.com/uuidjs/uuid#getrandomvalues-not-supported
http://www.apache.org/licenses/LICENSE-2.0	https://securetoken.google.com/
https://reactjs.org/docs/error-decoder.html?invariant=	http://www.w3.org/1999/xlink
http://www.w3.org/XML/1998/namespace	http://www.w3.org/1998/Math/MathML
http://www.w3.org/1999/xhtml	https://bit.ly/3cXEKWf
http://fb.me/use-check-prop-types	https://github.com/FakeFiller/fake-filler-extension/pull/131
https://fakefiller.com	https://github.com/FakeFiller/fake-filler-extension/pull/113
https://github.com/FakeFiller/fake-filler-extension/pull/102	https://github.com/FakeFiller/fake-filler-extension/pull/71
https://github.com/FakeFiller/fake-filler-extension/pull/66	https://github.com/FakeFiller/fake-filler-extension/pull/54
https://github.com/rowthan	https://github.com/FakeFiller/fake-filler-extension/pull/33
https://github.com/FakeFiller/fake-filler-extension/pull/25	https://github.com/FakeFiller/fake-filler-extension/pull/11
https://github.com/FakeFiller/fake-filler-extension/pull/18	https://github.com/FakeFiller/fake-filler-extension/pull/20
https://github.com/FakeFiller/fake-filler-extension/pull/10	https://github.com/FakeFiller/fake-filler-extension/pull/5
https://github.com/focus-trap/tabbable/blob/master/LICENSE	https://fakefiller.com/#pricing
https://github.com/FakeFiller/fake-filler-extension/wiki/Customization-using-Custom-Fields-and-Profiles	https://fakefiller.com/privacy
http://fakefiller.com/account/	https://github.com/FakeFiller/fake-filler-extension/wiki
https://github.com/FakeFiller/fake-filler-extension/issues	https://redux.js.org/Errors?code=
https://clients2.google.com/service/update2/crx

Raw Manifest

{
  "name": "Fake Filler",
  "icons": {
    "16": "images/icon-16.png",
    "32": "images/icon-32.png",
    "48": "images/icon-48.png",
    "64": "images/icon-64.png",
    "96": "images/icon-96.png",
    "128": "images/icon-128.png"
  },
  "action": {
    "default_icon": {
      "16": "images/icon-16.png",
      "32": "images/icon-32.png",
      "48": "images/icon-48.png",
      "64": "images/icon-64.png",
      "96": "images/icon-96.png",
      "128": "images/icon-128.png"
    },
    "default_title": "Fill All Inputs with Dummy Data"
  },
  "version": "4.1.0",
  "commands": {
    "fill_this_form": {
      "description": "Fill this form"
    },
    "fill_all_inputs": {
      "description": "Fill all inputs"
    },
    "fill_this_input": {
      "description": "Fill this input"
    }
  },
  "background": {
    "type": "module",
    "service_worker": "src/service-worker.js"
  },
  "options_ui": {
    "page": "index.html",
    "open_in_tab": true
  },
  "short_name": "Fake Filler",
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "A form filler that fills all inputs on a page with fake/dummy data.",
  "permissions": [
    "contextMenus",
    "activeTab",
    "storage",
    "scripting"
  ],
  "default_locale": "en",
  "content_scripts": [
    {
      "js": [
        "src/content-script.js"
      ],
      "matches": [
        "<all_urls>"
      ],
      "all_frames": true
    }
  ],
  "manifest_version": 3
}

Fake Filler

Extension Details

Context-Aware Verdict

Security Analysis

Security Analysis Details

Required Permissions:

Embedded URLs (45 total):

Raw Manifest

Secure Annex (beta)