FeedPal: Turn Your Browser Into an RSS Reader
Version 0.0.23 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has extremely limited trust indicators with only 199 users and just 3 ratings, despite having a perfect 5.0 rating. The very low adoption rate for an RSS reader suggests limited community validation. The lack of visible developer information and company details raises additional transparency concerns. RSS readers are legitimate tools, but this particular extension's minimal user base makes it difficult to assess reliability.
The permission set is excessive for a basic RSS reader functionality. The bookmarks permission is unnecessary for RSS reading and creates privacy risks. History access goes beyond what's needed for feed management and could enable comprehensive browsing surveillance. The broad host permissions across all websites (http://*/*, https://*/*) combined with tabs permission creates potential for extensive data collection and cross-site tracking. The unlimitedStorage permission, while potentially useful for storing feeds, could be misused for data hoarding.
Given the critical risk level, avoid installing this extension on your primary browser profile. If you must use it, create a dedicated Chrome profile with minimal personal data and bookmarks. Consider established RSS reader alternatives with larger user bases and more transparent developers. Monitor the extension's network activity if installed, and regularly review what data it may be accessing through your browsing history and bookmarks.
Findings
Security Analysis Details
Required Permissions:
- bookmarks
- storage
- unlimitedStorage
- alarms
- background
- tabs
- favicon
- history
Host Permissions:
- http://*/*
- https://*/*
Embedded URLs (20 total):
| https://clients2.google.com/service/update2/crx | http://www.w3.org/2000/svg | |
| http://purl.org/atom/ns# | http://www.w3.org/2005/Atom | |
| http://search.yahoo.com/mrss/ | https://search.yahoo.com/mrss/ | |
| http://channel.netscape.com/rdf/simple/0.9/ | http://my.netscape.com/rdf/simple/0.9/ | |
| http://purl.org/rss/1.0/ | http://www.itunes.com/dtds/podcast-1.0.dtd | |
| https://stats.mutacore.com/api | https://fb.me/react-async-component-lifecycle-hooks | |
| https://radix-ui.com/primitives/docs/components/ | https://notexists.feedpal.internal | |
| https://mths.be/he | https://react.dev/errors/ | |
| http://www.w3.org/1998/Math/MathML | http://www.w3.org/1999/xlink | |
| http://www.w3.org/XML/1998/namespace | https://chromewebstore.google.com/detail/dmflnkbellbkdbgpmfbmgmgchfenondj/support |
Raw Manifest
{ "name": "__MSG_name__", "icons": { "128": "icons/icon_128.png" }, "action": { "default_title": "__MSG_action_default_title__" }, "version": "0.0.23", "background": { "service_worker": "static/js/background.js" }, "short_name": "__MSG_short_name__", "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_description__", "permissions": [ "bookmarks", "storage", "unlimitedStorage", "alarms", "background", "tabs", "favicon", "history" ], "version_name": "1.0.0-alpha.23", "default_locale": "en", "host_permissions": [ "http://*/*", "https://*/*" ], "manifest_version": 3, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "_favicon/*" ], "extension_ids": [ "*" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.