[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Save to Koofr

Version 1.4.0 View in Chrome Web Store

Last scanned: 3 months ago | force re-scan

Extension Details

Rating: 4.1 ★ (16 ratings)

Users: 9,000

Context-Aware Verdict

MEDIUM

Overall Risk

Trust Factors:

The extension has a modest user base of 9,000 users with a decent 4.1-star rating, though based on only 16 reviews which limits confidence in the rating reliability. The extension appears to be a legitimate cloud storage integration tool for Koofr, a known cloud storage service. However, the lack of visible developer information and recent update details reduces transparency and trust.

Concerns:

The primary concern is the broad host permissions (http://*/*, https://*/*, <all_urls>) which grant access to all websites. This is excessive for a cloud storage extension that should only need access to specific domains. The combination of activeTab permission with broad host access creates potential for data collection across all browsing activity. Content scripts running on all HTTP/HTTPS sites further amplify privacy risks. The contextMenus and notifications permissions, while functional for the extension's purpose, add to the overall permission footprint.

Recommendations:

Consider running this extension in a separate Chrome profile if you frequently handle sensitive information online. Review what data you're saving through the extension and ensure it aligns with your privacy expectations. Monitor the extension's behavior and disable it when not actively needed. Look for alternative cloud storage extensions with more restrictive permissions if available. Given the broad access permissions, this extension should only be installed if Koofr integration is essential to your workflow.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Medium-Risk Permission: contextMenus

This extension has the contextMenus permission. Can add items to the context menu.

MEDIUM

Medium-Risk Permission: notifications

This extension has the notifications permission. Can show notifications.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Raw Manifest

{
  "name": "__MSG_extName__",
  "icons": {
    "16": "icon16.png",
    "48": "icon48.png",
    "128": "icon128.png"
  },
  "action": {
    "default_icon": "icon128.png",
    "default_title": "__MSG_extName__"
  },
  "version": "1.4.0",
  "commands": {
    "screenshot": {
      "description": "__MSG_screenshotCmdDesc__",
      "suggested_key": {
        "mac": "Command+Shift+K",
        "default": "Ctrl+Shift+K"
      }
    },
    "saveLargestImage": {
      "description": "__MSG_screenshotCmdDesc__",
      "suggested_key": {
        "mac": "Command+Shift+L",
        "default": "Ctrl+Shift+L"
      }
    }
  },
  "background": {
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "__MSG_extDesc__",
  "permissions": [
    "contextMenus",
    "storage",
    "activeTab",
    "alarms",
    "notifications"
  ],
  "default_locale": "en",
  "content_scripts": [
    {
      "js": [
        "content_script.js"
      ],
      "matches": [
        "http://*/*",
        "https://*/*"
      ]
    }
  ],
  "host_permissions": [
    "http://*/*",
    "https://*/*",
    "<all_urls>"
  ],
  "manifest_version": 3,
  "web_accessible_resources": [
    {
      "matches": [
        "*://*/*"
      ],
      "resources": [
        "content_script.js",
        "present"
      ]
    }
  ]
}

by ✦ Astarte

Save to Koofr

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (2 total):

Raw Manifest

Detections

Manifest Findings