CRXaminer

Paint Online - Drawing Tool

Version 2.0

Last scanned: about 3 hours ago

Extension Details

Rating: 4.5 ★ (220 ratings)
Users: 50,000

Context-Aware Verdict

Overall Risk: HIGH
Trust Factors: The extension has a solid user base of 50,000 users and a good rating of 4.5 stars from 220 reviews, which suggests basic functionality and user satisfaction. However, the lack of visible developer information raises transparency concerns about who is behind this extension.
Concerns: The primary red flag is the overly broad host permissions (*://*/*), which grant access to all websites. For a drawing tool that should primarily function as a standalone application, this level of web access is completely unnecessary and suspicious. The combination of storage, activeTab, and scripting permissions with universal host access creates a powerful surveillance toolkit that could monitor browsing activity, inject malicious scripts, or steal sensitive data from any website you visit.

The permissions profile suggests capabilities far beyond what a simple drawing application requires. A legitimate paint tool should only need basic storage for saving drawings locally, not comprehensive web access.

Recommendations: This extension poses significant privacy and security risks due to its excessive permissions. Consider running it in a completely separate Chrome profile if you must use it, ensuring no sensitive browsing occurs in that profile. Better yet, seek alternative drawing tools that operate with minimal permissions or use standalone drawing applications that don't require browser extensions at all.

Findings

HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
MEDIUM
Medium-Risk Permission: activeTab
This extension has the activeTab permission. It can access the active tab when the user clicks the extension icon.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. It can store data locally.