[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Read Later

Version 9.1.0 View in Chrome Web Store

Last scanned: about 3 hours ago

Extension Details

Rating: 4.6 ★ (22 ratings)

Users: 5,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has a relatively small user base of 5,000 users and a decent rating of 4.6 stars from 22 reviews, which suggests basic user satisfaction but limited widespread adoption. The lack of developer information and company details raises transparency concerns. The extension's purpose as a "Read Later" tool appears legitimate and useful for productivity.

Concerns:

The extension requests broad content script injection across all URLs, which is excessive for a simple read-later functionality. The tabs permission allows extensive browser manipulation capabilities that seem unnecessary for bookmarking articles. The combination of universal content script access with tabs permission creates a powerful surveillance and data collection capability. The storage permission, while expected for saving articles, combined with the other permissions could enable comprehensive user tracking across all websites.

Recommendations:

Consider running this extension in a separate Chrome profile to isolate potential risks from your main browsing activities. Look for alternative read-later extensions from more established developers with better transparency and more restrictive permissions. If you continue using this extension, regularly review what data it has stored and monitor for any unusual browser behavior. Consider using browser-native bookmarking features or well-established alternatives like Pocket or Instapaper that have stronger privacy policies and security track records.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: contextMenus

This extension has the contextMenus permission. Can add items to the context menu.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Security Analysis Details

Required Permissions:

tabs
storage
contextMenus
favicon

Embedded URLs (61 total):

Raw Manifest

{
  "name": "Read Later",
  "icons": {
    "16": "icons/logo-orange16x16.png",
    "32": "icons/logo-orange32x32.png",
    "48": "icons/logo-orange48x48.png",
    "128": "icons/logo-orange128x128.png"
  },
  "action": {
    "default_icon": "icons/logo-orange48x48.png",
    "default_popup": "popup/popup.html",
    "default_title": "Read Later"
  },
  "version": "9.1.0",
  "commands": {
    "_execute_action": {
      "suggested_key": {
        "default": "Alt+Shift+Z"
      }
    },
    "chrome-read-later.willbc.com": {
      "description": "Save to reading list",
      "suggested_key": {
        "default": "Alt+Shift+S"
      }
    }
  },
  "background": {
    "type": "module",
    "service_worker": "background/background.js"
  },
  "options_ui": {
    "page": "options/options.html",
    "open_in_tab": false
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "A temporary bookmark focuses on reading later, rather than closing and removing, with several Vim keybindings!",
  "permissions": [
    "tabs",
    "storage",
    "contextMenus",
    "favicon"
  ],
  "content_scripts": [
    {
      "js": [
        "content/content.js"
      ],
      "run_at": "document_start",
      "matches": [
        "<all_urls>"
      ]
    }
  ],
  "manifest_version": 3,
  "web_accessible_resources": [
    {
      "matches": [
        "<all_urls>"
      ],
      "resources": [
        "content/pagePosition.js"
      ]
    }
  ]
}

by ✦ Astarte

Read Later

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Embedded URLs (61 total):

Raw Manifest

Detections

Manifest Findings

https://github.com/willbchang/chrome-read-later#readme	https://codepen.io/sosuke/pen/Pjoqqp
https://javascript.info/size-and-scroll-window	https://developer.chrome.com/apps/runtime#event-onMessage
http://www.w3.org/2000/svg	https://clients2.google.com/service/update2/crx
https://tinyurl.com/y2uuvskb	http://bit.ly/2kdckMn
https://dexie.org	http://www.apache.org/licenses/
https://dexie.org/docs/inbound	https://dexie.org/docs/Compound-Index
https://dexie.org/docs/DexieErrors/DexieError	https://dexie.org/docs/DexieErrors/Dexie.
https://dexie.org/docs/DexieErrors/Dexie.OpenFailedError	https://dexie.org/docs/DexieErrors/Dexie.VersionChangeError
https://dexie.org/docs/DexieErrors/Dexie.SchemaError	https://dexie.org/docs/DexieErrors/Dexie.UpgradeError
https://dexie.org/docs/DexieErrors/Dexie.InvalidTableError	https://dexie.org/docs/DexieErrors/Dexie.MissingAPIError
https://dexie.org/docs/DexieErrors/Dexie.NoSuchDatabaseError	https://dexie.org/docs/DexieErrors/Dexie.InvalidArgumentError
https://dexie.org/docs/DexieErrors/Dexie.SubTransactionError	https://dexie.org/docs/DexieErrors/Dexie.UnsupportedError
https://dexie.org/docs/DexieErrors/Dexie.InternalError	https://dexie.org/docs/DexieErrors/Dexie.DatabaseClosedError
https://dexie.org/docs/DexieErrors/Dexie.PrematureCommitError	https://dexie.org/docs/DexieErrors/Dexie.ForeignAwaitError
https://dexie.org/docs/DexieErrors/Dexie.UnknownError	https://dexie.org/docs/DexieErrors/Dexie.ConstraintError
https://dexie.org/docs/DexieErrors/Dexie.DataError	https://dexie.org/docs/DexieErrors/Dexie.TransactionInactiveError
https://dexie.org/docs/DexieErrors/Dexie.ReadOnlyError	https://dexie.org/docs/DexieErrors/Dexie.VersionError
https://dexie.org/docs/DexieErrors/Dexie.NotFoundError	https://dexie.org/docs/DexieErrors/Dexie.InvalidStateError
https://dexie.org/docs/DexieErrors/Dexie.InvalidAccessError	https://dexie.org/docs/DexieErrors/Dexie.AbortError
https://dexie.org/docs/DexieErrors/Dexie.TimeoutError	https://dexie.org/docs/DexieErrors/Dexie.QuotaExceededError
https://dexie.org/docs/DexieErrors/Dexie.DataCloneError	https://dexie.org/docs/DexieErrors/Dexie.ModifyError
https://dexie.org/docs/DexieErrors/Dexie.BulkError	https://stackoverflow.com/a/32108184/9984029
https://developer.chrome.com/extensions/commands#event-onCommand	https://developer.chrome.com/extensions/storage
https://developer.chrome.com/extensions/tabs#method-query	https://developer.chrome.com/extensions/tabs#method-remove
https://developer.chrome.com/extensions/tabs#method-create	https://developer.chrome.com/extensions/tabs#method-update
https://developer.chrome.com/extensions/tabs#method-sendMessage	https://stackoverflow.com/a/28432087/9984029
https://developer.chrome.com/extensions/tabs#event-onUpdated	https://developer.chrome.com/extensions/runtime#method-sendMessage
https://developer.chrome.com/extensions/runtime#event-onMessage	https://developer.chrome.com/docs/extensions/reference/runtime/#method-connect
https://developer.chrome.com/docs/extensions/reference/runtime/#event-onConnect	https://developer.chrome.com/extensions/runtime#event-onInstalled
https://developer.chrome.com/extensions/contextMenus#event-onClicked	https://developer.chrome.com/extensions/contextMenus#method-create
https://www.google.com/&quot