[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Open Local Files in Google Chrome™

Version 1.0.2 View in Chrome Web Store

Last scanned: about 15 hours ago

Extension Details

Rating: 2.5 ★ (17 ratings)

Users: 4,000

Context-Aware Verdict

MEDIUM

Overall Risk

Trust Factors: The extension has a concerning trust profile with only 4,000 users and a poor 2.5-star rating from just 17 reviews, suggesting user dissatisfaction. The lack of clear author and developer information raises transparency concerns. The extension's purpose of opening local files in Chrome is legitimate but niche.

Concerns: The primary concern is the broad content script injection capability (*://*/*) which allows the extension to run scripts on every website you visit. This is excessive for an extension that should only need to handle local file operations. The combination of storage permissions with universal website access creates potential for data collection and privacy violations. The poor user ratings may indicate functionality issues or suspicious behavior that users have experienced.

The security findings confirm one high-risk element (broad content script injection) which is disproportionate to the extension's stated purpose. Local file handling shouldn't require access to all websites.

Recommendations: Consider running this extension in a separate Chrome profile to isolate it from your main browsing activities and sensitive accounts. Monitor the extension's behavior carefully and revoke permissions if you notice unexpected activity. Look for alternative extensions with better ratings and more transparent developers, or use Chrome's built-in file handling capabilities when possible. Given the poor ratings and broad permissions, you may want to uninstall and seek alternatives.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Security Analysis Details

Required Permissions:

storage

Embedded URLs (18 total):

https://developer.mozilla.org/ja/docs/Web/API/Event/isTrusted	https://chrome.google.com/webstore/detail/
https://getbootstrap.com/	https://github.com/twbs/bootstrap/blob/master/LICENSE
http://www.w3.org/2000/svg	https://fontawesome.com
https://fontawesome.com/license/free	https://clients2.google.com/service/update2/crx
https://open-local-files.freespeedcheck.net/	http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd
http://www.w3.org/1999/xlink	http://purl.org/dc/elements/1.1/
http://creativecommons.org/ns#	http://www.w3.org/1999/02/22-rdf-syntax-ns#
http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd	http://www.inkscape.org/namespaces/inkscape
http://purl.org/dc/dcmitype/StillImage	http://www.bohemiancoding.com/sketch

Raw Manifest

{
  "name": "__MSG_appName__",
  "icons": {
    "16": "images/icon-16.png",
    "128": "images/icon-128.png"
  },
  "action": {
    "default_icon": {
      "19": "images/icon-19.png",
      "38": "images/icon-38.png"
    },
    "default_popup": "pages/popup.html",
    "default_title": "__MSG_browserActionTitle__"
  },
  "version": "1.0.2",
  "background": {
    "service_worker": "scripts/background.js"
  },
  "short_name": "__MSG_appShortName__",
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "__MSG_appDescription__",
  "permissions": [
    "storage"
  ],
  "homepage_url": "https://open-local-files.freespeedcheck.net/",
  "default_locale": "en",
  "content_scripts": [
    {
      "js": [
        "scripts/content.js"
      ],
      "run_at": "document_end",
      "matches": [
        "*://*/*"
      ],
      "all_frames": true
    }
  ],
  "offline_enabled": true,
  "manifest_version": 3
}

by ✦ Astarte