[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

LightCast Sender

Version 0.1.0.6 View in Chrome Web Store

Last scanned: about 3 hours ago

Extension Details

Rating: 3.6 ★ (14 ratings)

Users: 10,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has a modest user base of 10,000 users but shows concerning trust indicators. The rating of 3.6 out of 5 with only 14 reviews suggests limited user engagement and potentially mixed experiences. The lack of clear author information and developer details raises transparency concerns. The version number (0.1.0.6) indicates this is still in early development stages, which may mean less stability and testing.

Concerns:

The extension requests an excessive combination of powerful permissions that create significant privacy and security risks. The tabs permission combined with broad host permissions (http://*//) allows comprehensive monitoring of browsing activity across all websites. The desktopCapture and tabCapture permissions enable screen recording capabilities, which could be used to capture sensitive information like passwords or personal data. The nativeMessaging permission allows communication with external applications, potentially bypassing browser security boundaries. This permission set far exceeds what would typically be necessary for most legitimate extensions.

Recommendations:

Given the high-risk profile, avoid installing this extension unless absolutely necessary. If you must use it, run it in a completely separate Chrome profile isolated from your main browsing activities. Regularly audit what data the extension might be accessing and consider using it only on non-sensitive websites. Monitor your system for unusual network activity when the extension is active, and remove it immediately if you notice any suspicious behavior.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Raw Manifest

{
  "name": "__MSG_appName__",
  "icons": {
    "16": "image/icon_16.png",
    "128": "image/icon_128.png"
  },
  "action": {
    "default_icon": "image/icon_19.png",
    "default_popup": "popup.html",
    "default_title": "LightCast Sender"
  },
  "version": "0.1.0.6",
  "background": {
    "service_worker": "js/background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "__MSG_appDesc__",
  "permissions": [
    "tabs",
    "storage",
    "nativeMessaging",
    "desktopCapture",
    "tabCapture",
    "activeTab"
  ],
  "options_page": "options.html",
  "default_locale": "en",
  "offline_enabled": false,
  "host_permissions": [
    "http://*/"
  ],
  "manifest_version": 3,
  "minimum_chrome_version": "88"
}

by ✦ Astarte

http://meyerweb.com/eric/tools/css/reset/	http://www.apache.org/licenses/LICENSE-2.0.txt
http://www.mirroring360.com/how-it-works	http://developer.chrome.com/apps/app.window.html
https://clients2.google.com/service/update2/crx	http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd
http://www.w3.org/1999/xhtml

LightCast Sender

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (7 total):

Raw Manifest

Detections

Manifest Findings