Extension Details
Context-Aware Verdict
The extension has a modest user base of 10,000 users with a moderate rating of 3.8/5 from 36 reviews. However, several trust indicators are missing including author information, developer details, and last update date, which raises transparency concerns. The lack of developer information makes it difficult to assess the publisher's credibility and track record.
The extension's broad permissions are disproportionate to its apparent functionality as a frame-by-frame video tool. The <all_urls> host permissions and content script injection capabilities allow it to access and modify any website you visit, including sensitive sites like banking or email platforms. This creates significant potential for data theft, credential harvesting, or unauthorized tracking. The storage permission, while less concerning individually, could be used to persist stolen data or tracking information across sessions.
Given the high risk level, consider running this extension in a separate Chrome profile dedicated to video-related tasks only. Avoid using this profile for sensitive activities like banking, shopping, or accessing personal accounts. Before installation, verify if similar functionality is available through browser-native features or extensions with more limited permissions. If you must use this extension, regularly review your browser's security settings and consider using additional privacy protection measures. Monitor for any unusual browser behavior or unexpected network activity after installation.
Findings
Security Analysis Details
Required Permissions:
- storage
Optional Permissions:
- downloads
Host Permissions:
- <all_urls>
Embedded URLs (5 total):
| http://www.w3.org/2000/svg | https://addons.mozilla.org | |
| https://chrome.google.com/webstore | https://microsoftedge.microsoft.com/addons | |
| https://clients2.google.com/service/update2/crx |
Raw Manifest
{ "name": "Frame By Frame", "icons": { "16": "assets/icons/16.png", "32": "assets/icons/32.png", "48": "assets/icons/48.png", "128": "assets/icons/128.png" }, "action": { "default_popup": "options-page/index.html" }, "version": "3.5", "background": { "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_description__", "permissions": [ "storage" ], "options_page": "options-page/index.html", "default_locale": "en", "content_scripts": [ { "js": [ "content-scripts/core.js", "content-scripts/cursor.js", "content-scripts/events.js", "content-scripts/locale.js", "content-scripts/messages.js", "content-scripts/observer.js", "content-scripts/storage.js", "content-scripts/ui.js", "content-scripts/videos.js", "content-scripts/init.js", "content-scripts/features/data.js", "content-scripts/features/events.js", "content-scripts/features/storage.js", "content-scripts/features/ui.js" ], "css": [ "content-scripts/styles.css" ], "run_at": "document_start", "matches": [ "<all_urls>" ], "all_frames": true } ], "offline_enabled": true, "host_permissions": [ "<all_urls>" ], "manifest_version": 3, "optional_permissions": [ "downloads" ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.