Starting analysis...
Extension Details
Context-Aware Verdict
Markdown Here is a well-established extension with 100,000 users and a solid 4.5-star rating from 371 reviews. The extension serves a legitimate purpose of converting Markdown text to formatted HTML in web applications like Gmail, which explains its popularity among developers and technical users. The moderate user base and positive ratings suggest it has been reliable for its intended functionality.
The extension requests several permissions that, while reasonable for its stated purpose, create potential attack vectors. The activeTab permission allows access to webpage content when activated, which could be misused to read sensitive information from any tab. The scripting permission enables code injection into web pages, creating opportunities for malicious behavior if the extension were compromised. The contextMenus permission, while useful for user experience, adds another entry point for potential exploitation. The storage permission allows data persistence, which could be used to collect and store user information.
Given the medium risk level, consider running this extension in a separate Chrome profile if you frequently work with sensitive documents or confidential information. Monitor the extension's behavior and disable it when not actively needed for Markdown conversion. Regularly review your installed extensions and ensure this one continues to receive updates from its developer. The risk is manageable for most users, but extra caution is warranted in high-security environments.
Findings
Security Analysis Details
Required Permissions:
- activeTab
- contextMenus
- storage
- scripting
Embedded URLs (731 total):
| https://clients2.google.com/service/update2/crx | https://markdown-here.com | |
| https://adampritchard.mit-license.org/ | https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/background | |
| https://github.com/adam-p/markdown-here/issues/119 | https://highlightjs.org/ | |
| https://github.com/adam-p/markdown-here/blob/master/PRIVACY.md#optional-third-party-latex-image-rendering-service | https://github.com/adam-p/markdown-here/discussions | |
| https://github.com/adam-p/markdown-here/issues/261 | https://github.com/adam-p/markdown-here/wiki/Tips-and-Tricks#tex | |
| https://github.com/adam-p/markdown-here/issues/874 | https://github.com/adam-p/markdown-here/issues/722 | |
| https://github.com/amacfie | https://github.com/AlexWayfer | |
| https://github.com/adam-p/markdown-here/issues/865 | https://github.com/adam-p/markdown-here/issues/524 | |
| https://github.com/adam-p/markdown-here/issues/526 | https://github.com/KSR-Yasuda | |
| https://github.com/ensleep | https://github.com/pmanu93 | |
| https://github.com/stombi | https://github.com/littdky | |
| https://github.com/lashkevi | https://github.com/morsedl | |
| https://github.com/adam-p/markdown-here/issues/495 | https://github.com/dugite-code | |
| https://github.com/adam-p/markdown-here/pull/518 | https://github.com/marespiaut | |
| https://github.com/tehmul | https://github.com/PackElend | |
| https://github.com/qolii | https://github.com/StuntsPT | |
| https://github.com/evazquez00 | https://github.com/adam-p/markdown-here/issues/435 | |
| https://github.com/lincoln-b | https://github.com/adam-p/markdown-here/issues/427 | |
| https://github.com/nedchu | https://github.com/adam-p/markdown-here/issues/369 | |
| https://github.com/samestep | https://github.com/r2evans | |
| https://github.com/happyconfident | https://github.com/juaalta | |
| https://github.com/haililihai | https://github.com/shiliang-hust | |
| https://github.com/jjroper | https://github.com/l0o0 | |
| https://www.angerson.org/ | http://rgd2.co/ | |
| http://www.ux-jack.com/ | https://twitter.com/esquinas | |
| http://leon-wilmanns.de/ | https://markdown-here.com/logo.html | |
| https://github.com/adam-p/markdown-here/issues/302 | https://github.com/adam-p/markdown-here/issues/297 | |
| https://github.com/dukedave | https://github.com/adam-p/markdown-here/issues/289 | |
| https://github.com/efryntov | https://stackoverflow.com/users/989121/georg | |
| https://stackoverflow.com/questions/31952381/end-of-string-regex-match-too-slow | https://github.com/adam-p/markdown-here/issues/283 | |
| https://github.com/therealmarv | https://groups.google.com/group/markdown-here | |
| https://github.com/adam-p/markdown-here/issues | https://github.com/adam-p/markdown-here/issues/288 | |
| https://github.com/rfulkerson | https://crowdin.com/profile/benwayne182 | |
| https://github.com/kant | https://crowdin.com/profile/erichdongubler | |
| https://github.com/adam-p/markdown-here/issues/278 | https://github.com/georgejean | |
| https://github.com/fardog | https://github.com/fugo | |
| https://github.com/dheerajbhaskar | https://github.com/robred | |
| https://github.com/adam-p/markdown-here/issues/251 | https://github.com/hchaase | |
| https://github.com/adam-p/markdown-here/issues/241 | https://github.com/bornio | |
| http://www.palemoon.org/ | https://github.com/adam-p/markdown-here/issues/104 |
Raw Manifest
{ "name": "__MSG_app_name__", "icons": { "16": "common/images/icon16.png", "32": "common/images/icon32.png", "48": "common/images/icon48.png", "128": "common/images/icon128.png", "512": "common/images/icon512.png" }, "action": { "default_icon": { "16": "common/images/icon16-button-monochrome.png", "19": "common/images/icon19-button-monochrome.png", "32": "common/images/icon32-button-monochrome.png", "38": "common/images/icon38-button-monochrome.png", "64": "common/images/icon64-button-monochrome.png" }, "browser_style": true, "default_title": "__MSG_toggle_button_tooltip__" }, "version": "2.16.0", "commands": { "_execute_action": { "suggested_key": { "mac": "Alt+Shift+M", "default": "Alt+Shift+M" } } }, "background": { "page": "chrome/background.html#background-page", "service_worker": "chrome/backgroundscript.js" }, "options_ui": { "page": "common/options.html", "open_in_tab": true }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_app_slogan__", "permissions": [ "activeTab", "contextMenus", "storage", "scripting" ], "homepage_url": "https://markdown-here.com", "default_locale": "en", "manifest_version": 3, "optional_host_permissions": [ "http://*/*", "https://*/*" ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.