Extension Details
Context-Aware Verdict
The extension has very limited trust indicators with only 5,000 users and just 3 ratings, despite having a perfect 5.0 rating. The lack of developer information, missing description, and unknown company reputation significantly reduce trustworthiness. The extension appears to be relatively new or obscure in the marketplace.
The combination of cookies permission with broad host permissions (https://*/*) creates a particularly concerning risk profile. This allows the extension to access and modify cookies across all HTTPS websites, potentially enabling session hijacking, credential theft, or unauthorized account access. The declarativeNetRequest permission adds another layer of concern as it can modify network requests. The missing description makes it impossible to verify if these extensive permissions are justified for the extension's stated purpose.
Given the high risk level, avoid installing this extension unless absolutely necessary. If you must use it, run it in a completely separate Chrome profile isolated from your main browsing activities. Regularly monitor your accounts for unauthorized access and consider using additional security measures like two-factor authentication. The lack of transparency about the extension's functionality combined with powerful permissions suggests finding alternative solutions would be safer. Consider extensions with clearer descriptions, more established user bases, and transparent developer information for similar functionality.
Findings
Security Analysis Details
Required Permissions:
- cookies
- storage
- declarativeNetRequest
Host Permissions:
- https://*/*
Embedded URLs (217 total):
| http://www.w3.org/2000/svg | https://sentry.io/welcome/ | |
| https://docs.sentry.io/platforms/javascript/best-practices/browser-extensions/ | https://browser.sentry-cdn.com | |
| http://dogs.are.great | http://www.example.com | |
| https://github.com/browserify/crypto-browserify | https://www.acx.com | |
| https://account.kdp.amazon.com/api/payee | https://kdpreports.amazon.com | |
| https://api.publishing.ai | https://www.acx.com/api | |
| https://www.acx.com/salesTitle/ | https://www.acx.com/api/dashboard/v2/production?statuses=LIVE%2CPUB_NOT_LIVE%2CIN_REVIEW%2CPUBLISHING%2CLIVE_REQUEST_PX%2CLIVE_AWAITING_PX%2CLIVE_REVISION_PX%2CLIVE_SYNTHESIZING%2CLIVE_WITH_CHANGES&pageIndex=1&resultPerPage=10 | |
| https://www.acx.com/api/runtime/ | https://www.acx.com/api/titleview/ | |
| https://www.acx.com/dashboard | https://db3920554abdfc1807e46fee98321d30@o4506043484209152.ingest.us.sentry.io/4507823450095616 | |
| https://feross.org | https://feross.org/opensource | |
| https://github.com/Yaffle/EventSource/ | https://clients2.google.com/service/update2/crx | |
| https://app.publishing.com/ | https://fonts.googleapis.com | |
| https://fonts.gstatic.com | https://fonts.googleapis.com/css2?family=Inter:ital | |
| https://app.publishing.com/sales-analytics | https://www.acx.com/api/ | |
| https://github.com/getsentry/sentry-javascript/issues/838 | https://github.com/getsentry/sentry-javascript/issues/3344 | |
| https://github.com/bugsnag/bugsnag-js/issues/469 | https://stackoverflow.com/questions/23191918/peformance-getentries-and-negative-duration-display | |
| https://developer.mozilla.org/en-US/docs/Web/API/LayoutShift | https://www.apache.org/licenses/LICENSE-2.0 | |
| https://web.dev/articles/cls#what_is_a_good_cls_score | https://web.dev/articles/cls | |
| https://web.dev/articles/cls#layout_shift_score | https://developer.chrome.com/blog/page-lifecycle-api/#advice-hidden | |
| https://web.dev/articles/fid#what_is_a_good_fid_score | https://web.dev/articles/fid | |
| https://web.dev/articles/inp#what_is_a_good_inp_score | https://web.dev/articles/inp | |
| https://web.dev/articles/lcp#what_is_a_good_lcp_score | https://web.dev/articles/lcp | |
| https://github.com/GoogleChrome/web-vitals/issues/75 | https://github.com/GoogleChrome/web-vitals/issues/383 | |
| https://github.com/GoogleChrome/web-vitals/issues/14 | https://github.com/GoogleChrome/web-vitals/issues/277 | |
| https://web.dev/articles/fcp#what_is_a_good_fcp_score | https://web.dev/articles/fcp | |
| https://web.dev/articles/ttfb#what_is_a_good_ttfb_score | https://web.dev/articles/ttfb | |
| https://w3c.github.io/navigation-timing/ | https://www.w3.org/TR/hr-time-2/#sec-time-origin | |
| https://github.com/GoogleChrome/web-vitals/issues/137 | https://github.com/GoogleChrome/web-vitals/issues/162 | |
| https://github.com/GoogleChrome/web-vitals/issues/275 | https://stackoverflow.com/a/58879212 | |
| https://stackoverflow.com/a/3540295 | https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/getDisplayMedia | |
| https://forums.developer.apple.com/forums/thread/119186 | https://stackoverflow.com/questions/60482650/how-to-detect-ipad-useragent-on-safari-browser | |
| https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/getDisplayMedia#prefercurrenttab | https://github.com/niklasvh/base64-arraybuffer | |
| https://hertzen.com | https://reactjs.org/docs/error-decoder.html?invariant=423 | |
| https://react.dev/errors/418 | https://github.com/rrweb-io/rrweb/blob/d8f9290ca496712aa1e7d472549480c4e7876594/packages/rrweb/src/types.ts#L16 | |
| https://example.com | https://sentry.io/for/session-replay/ | |
| https://docs.sentry.io/platforms/javascript/guides/session-replay/ | https://github.com/getsentry/sentry/blob/9f08305e09866c8bd6d0c24f5b0aabdd7dd6c59c/src/sentry/lang/javascript/errormapping.py#L83-L108 | |
| https://github.com/zertosh/invariant/blob/master/invariant.js#L46 | https://github.com/getsentry/sentry-javascript/issues/1949 | |
| https://developer.mozilla.org/en-US/docs/Web/API/DOMError | https://developer.mozilla.org/en-US/docs/Web/API/DOMException | |
| https://webidl.spec.whatwg.org/#es-DOMException-specialness | https://github.com/getsentry/sentry-javascript/issues/1168 | |
| https://developer.mozilla.org/en-US/docs/Web/API/PromiseRejectionEvent | https://developer.mozilla.org/en-US/docs/Web/API/CustomEvent |
Raw Manifest
{ "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxINW3MFaTq1hoJHWxjc4DgWr3efStW9ZgsYVp009y0a+kk9iPTkonQPqDr7Aa4Ovlt/WTIDBYcY/rMu4xHMAeFdCeljqFHFZjTd5Y9HDmXID5ixJgWsqR7NuA4cWQB7HoZ0jNGbU7LfDVWGkcb8WoPugDl5x5Gtpx4/3tThe9tmGlmiNOtSWnR9pmYrtrEMWLYD6ihFYy+4Jnummrv9QJ9h54VIFm+DX9hCVkr/RGNqikdtz1NEhHsBmEjb+Hl9AmJsGdCxptfdyVqwG2MesjUv6zWPLg0zsbc65+DPIM06CsGDt5rGBdmPjbWnQ+gtysiLFCTlfWoeqqUMQ5l9rZwIDAQAB", "name": "Publishing.ai", "icons": { "16": "images/icon_16.png", "32": "images/icon_32.png", "48": "images/icon_48.png", "128": "images/icon_128.png" }, "action": { "default_popup": "popup.html" }, "version": "3.3.3", "background": { "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "The all-in-one solution for authors and publishers. From identifying profitable topics, to writing books, and tracking sales.", "permissions": [ "cookies", "storage", "declarativeNetRequest" ], "host_permissions": [ "https://*/*" ], "manifest_version": 3, "externally_connectable": { "matches": [ "https://app.publishing.com/*" ] }, "declarative_net_request": { "rule_resources": [ { "id": "ruleset_1", "path": "rules.json", "enabled": true } ] } }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.