[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Refresh Page - Auto Reload Page

Version 0.1.6 View in Chrome Web Store

Last scanned: about 9 hours ago

Extension Details

Rating: 4.4 ★ (76 ratings)

Users: 40,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has a moderate user base of 40,000 users and a decent rating of 4.4 stars from 76 reviews, suggesting basic functionality works as expected. However, the lack of visible developer information and company details reduces trustworthiness. The extension's core purpose of auto-refreshing pages is legitimate and commonly needed.

Concerns:

The extension requests extremely broad permissions that far exceed what's necessary for simple page refreshing. The <all_urls> host permissions and content script injection capabilities allow it to access and modify any website you visit, creating significant privacy and security risks. The tabs permission enables monitoring of your browsing activity across all tabs. These permissions could facilitate data theft, credential harvesting, or unauthorized tracking of your online behavior.

The combination of broad access with content script injection is particularly concerning, as it means the extension can read sensitive information like passwords, personal data, or financial details on any website. The storage and notifications permissions, while less critical, add to the overall risk profile.

Recommendations:

Consider using this extension in a separate Chrome profile to isolate potential risks from your main browsing. Alternatively, look for page refresh extensions with more limited permissions that only request access to specific sites when needed. Monitor your browsing behavior for any unusual activity if you continue using this extension.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: notifications

This extension has the notifications permission. Can show notifications.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Raw Manifest

{
  "name": "__MSG_name__",
  "icons": {
    "16": "data/icons/16.png",
    "32": "data/icons/32.png",
    "128": "data/icons/128.png"
  },
  "action": {
    "default_icon": {
      "16": "data/icons/16.png",
      "32": "data/icons/32.png"
    },
    "default_popup": "data/popup/popup.html",
    "default_title": "Reload page"
  },
  "version": "0.1.6",
  "commands": {
    "_execute_action": {}
  },
  "background": {
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "__MSG_desc__",
  "permissions": [
    "tabs",
    "alarms",
    "storage",
    "notifications"
  ],
  "default_locale": "en",
  "content_scripts": [
    {
      "js": [
        "data/popup/explore/content.js"
      ],
      "run_at": "document_start",
      "matches": [
        "<all_urls>"
      ],
      "all_frames": true
    }
  ],
  "offline_enabled": true,
  "host_permissions": [
    "<all_urls>"
  ],
  "manifest_version": 3
}

by ✦ Astarte

http://svgjs.dev/svgjs	http://www.w3.org/2000/svg
http://www.w3.org/1999/xlink	https://clients2.google.com/service/update2/crx

Refresh Page - Auto Reload Page

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (4 total):

Raw Manifest

Detections

Manifest Findings