[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Pinturillo 2

Version 1.19 View in Chrome Web Store

Last scanned: about 15 hours ago

Extension Details

Developer: https://www.pinturillo2.com/

Rating: 4.1 ★ (199 ratings)

Context-Aware Verdict

MEDIUM

Overall Risk

Trust Factors: The extension has a decent rating of 4.1 stars from 199 users, which suggests reasonable user satisfaction. The developer appears to be associated with the official Pinturillo 2 website, indicating some legitimacy. However, the lack of visible user count, last update date, and detailed developer information raises some transparency concerns.

Concerns:

- The unlimitedStorage permission seems excessive for what appears to be a drawing/guessing game extension, potentially allowing unlimited data collection

- Notifications permission could be used for spam or unwanted promotional messages

- Uses outdated Manifest V2, which has weaker security protections compared to V3

- Missing critical metadata like user count and last update date makes it difficult to assess popularity and maintenance status

- Limited technical implementation details suggest a relatively simple extension, but the storage permission seems disproportionate

Recommendations:

Consider whether you truly need this extension's functionality, as the unlimited storage permission could pose privacy risks. If you decide to install it, monitor what data it stores locally and be prepared to receive notifications. Given the medium risk level, you might want to install it in a separate Chrome profile to isolate any potential issues from your main browsing environment. Look for alternative extensions with more restrictive permissions or Manifest V3 compliance if available.

Findings

MEDIUM

Medium-Risk Permission: notifications

This extension has the notifications permission. Can show notifications.

MEDIUM

Medium-Risk Permission: unlimitedStorage

This extension has the unlimitedStorage permission. Can store unlimited data locally.

MEDIUM

Older Manifest Version

This extension uses Manifest Version 2, which has fewer security restrictions than Manifest V3. Consider using extensions that have upgraded to V3.

Raw Manifest

{
  "app": {
    "urls": [
      "https://www.pinturillo2.com/"
    ],
    "launch": {
      "web_url": "https://www.pinturillo2.com/"
    }
  },
  "name": "Pinturillo 2",
  "icons": {
    "128": "icon128.png"
  },
  "author": "Chachiware",
  "version": "1.19",
  "background": {
    "persistent": false
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "__MSG_appDesc__",
  "permissions": [
    "unlimitedStorage",
    "notifications"
  ],
  "default_locale": "en",
  "manifest_version": 2
}

by ✦ Astarte

Pinturillo 2

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Embedded URLs (2 total):

Raw Manifest

Detections

Manifest Findings