Starting analysis...
Extension Details
Developer:
fakefiller.com
Rating:
4.4 ★
(757 ratings)
Size:
536KiB
Last Updated:
August 3, 2024
Users:
400,000
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
HIGH
Risk Level
Trust Factors:
- The extension has a relatively high number of users (400,000), which could indicate some level of trust and popularity.
- The developer has a website (fakefiller.com), which adds some legitimacy.
- The rating is decent (4.4 out of 5), suggesting that many users find the extension useful.
Concerns:
- The extension has the ability to inject scripts into any website (broad content script injection), which poses a significant privacy and security risk.
- The "contextMenus" permission allows the extension to add items to the context menu, which could be used for malicious purposes.
- The "activeTab" permission grants access to the active tab, potentially exposing sensitive information.
- The "storage" permission allows the extension to store data locally, which could be a privacy concern if the data is not properly secured.
Recommendations:
- Exercise caution when using this extension, as it has broad permissions and the ability to inject scripts into any website.
- Consider running the extension in a separate Chrome profile or a sandboxed environment to mitigate potential risks.
- Review the extension's privacy policy and terms of service to understand how your data is being handled.
- Monitor the extension's behavior and uninstall it if you notice any suspicious activities.
- Consider using alternative extensions with more limited permissions or from reputable sources if possible.
Security Analysis
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
MEDIUM
Overall Risk
Based on 4 total findings, ranked without considering overall context, including 1 high-risk and 3 medium-risk findings.
HIGH
Broad Content Script Injection
This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.
MEDIUM
Medium-Risk Permission: activeTab
This extension has the activeTab permission. Can access the active tab when clicking the extension icon.
MEDIUM
Medium-Risk Permission: contextMenus
This extension has the contextMenus permission. Can add items to the context menu.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
Security Analysis Details
Required Permissions:
- contextMenus
- activeTab
- storage
- scripting
Embedded URLs (45 total):
| https://github.com/FakeFiller/fake-filler-extension/wiki/Keyboard-Shortcuts | http://momentjs.com/docs/#/displaying/format/ | |
| http://fent.github.io/randexp.js/ | http://www.w3.org/2000/svg | |
| https://mths.be/cssesc | http://momentjs.com/guides/#/warnings/define-locale/ | |
| http://momentjs.com/guides/#/warnings/js-date/ | http://momentjs.com/guides/#/warnings/min-max/ | |
| http://momentjs.com/guides/#/warnings/add-inverted-param/ | http://momentjs.com/guides/#/warnings/zone/ | |
| http://momentjs.com/guides/#/warnings/dst-shifted/ | https://github.com/uuidjs/uuid#getrandomvalues-not-supported | |
| http://www.apache.org/licenses/LICENSE-2.0 | https://securetoken.google.com/ | |
| https://reactjs.org/docs/error-decoder.html?invariant= | http://www.w3.org/1999/xlink | |
| http://www.w3.org/XML/1998/namespace | http://www.w3.org/1998/Math/MathML | |
| http://www.w3.org/1999/xhtml | https://bit.ly/3cXEKWf | |
| http://fb.me/use-check-prop-types | https://github.com/FakeFiller/fake-filler-extension/pull/131 | |
| https://fakefiller.com | https://github.com/FakeFiller/fake-filler-extension/pull/113 | |
| https://github.com/FakeFiller/fake-filler-extension/pull/102 | https://github.com/FakeFiller/fake-filler-extension/pull/71 | |
| https://github.com/FakeFiller/fake-filler-extension/pull/66 | https://github.com/FakeFiller/fake-filler-extension/pull/54 | |
| https://github.com/rowthan | https://github.com/FakeFiller/fake-filler-extension/pull/33 | |
| https://github.com/FakeFiller/fake-filler-extension/pull/25 | https://github.com/FakeFiller/fake-filler-extension/pull/11 | |
| https://github.com/FakeFiller/fake-filler-extension/pull/18 | https://github.com/FakeFiller/fake-filler-extension/pull/20 | |
| https://github.com/FakeFiller/fake-filler-extension/pull/10 | https://github.com/FakeFiller/fake-filler-extension/pull/5 | |
| https://github.com/focus-trap/tabbable/blob/master/LICENSE | https://fakefiller.com/#pricing | |
| https://github.com/FakeFiller/fake-filler-extension/wiki/Customization-using-Custom-Fields-and-Profiles | https://fakefiller.com/privacy | |
| http://fakefiller.com/account/ | https://github.com/FakeFiller/fake-filler-extension/wiki | |
| https://github.com/FakeFiller/fake-filler-extension/issues | https://redux.js.org/Errors?code= | |
| https://clients2.google.com/service/update2/crx |
Raw Manifest
{ "name": "Fake Filler", "icons": { "16": "images/icon-16.png", "32": "images/icon-32.png", "48": "images/icon-48.png", "64": "images/icon-64.png", "96": "images/icon-96.png", "128": "images/icon-128.png" }, "action": { "default_icon": { "16": "images/icon-16.png", "32": "images/icon-32.png", "48": "images/icon-48.png", "64": "images/icon-64.png", "96": "images/icon-96.png", "128": "images/icon-128.png" }, "default_title": "Fill All Inputs with Dummy Data" }, "version": "4.1.0", "commands": { "fill_this_form": { "description": "Fill this form" }, "fill_all_inputs": { "description": "Fill all inputs" }, "fill_this_input": { "description": "Fill this input" } }, "background": { "type": "module", "service_worker": "src/service-worker.js" }, "options_ui": { "page": "index.html", "open_in_tab": true }, "short_name": "Fake Filler", "update_url": "https://clients2.google.com/service/update2/crx", "description": "A form filler that fills all inputs on a page with fake/dummy data.", "permissions": [ "contextMenus", "activeTab", "storage", "scripting" ], "default_locale": "en", "content_scripts": [ { "js": [ "src/content-script.js" ], "matches": [ "<all_urls>" ], "all_frames": true } ], "manifest_version": 3 }
Secure Annex (beta)
Coming soon...