Extension Details
Rating:
4.8 ★
(1.5K ratings)
Users:
100,000
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
MEDIUM
Overall Risk
Trust Factors: The extension has a strong user base with 100,000 users and an excellent rating of 4.8 stars from 1,500 reviews, indicating generally positive user experiences. The functionality described (auto refresh) is straightforward and commonly needed by users.
Concerns: The primary concern is the overly broad host permissions (<all_urls>) which grants the extension access to all websites you visit. For an auto refresh tool, this level of access seems excessive and creates potential privacy risks. The extension could theoretically monitor your browsing activity across all sites, collect sensitive data from web pages, or inject unwanted content. The storage permission, while necessary for saving refresh settings, adds another layer of data collection capability.
The combination of broad website access and local storage permissions creates a scenario where the extension could potentially track and store your browsing patterns, though this may not be the intended functionality.
Recommendations: Consider running this extension in a separate Chrome profile dedicated to non-sensitive browsing activities. Before installing, verify that the auto refresh functionality truly requires access to all websites rather than just the specific pages you want to refresh. Look for alternative auto refresh extensions that request more limited permissions. If you proceed with installation, regularly review what data the extension might be storing and monitor your browsing experience for any unexpected behavior.
Findings
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
Security Analysis Details
Required Permissions:
- storage
Host Permissions:
- <all_urls>
Embedded URLs (11 total):
| https://autorefreshplus.in | https://clients2.google.com/service/update2/crx | |
| https://fonts.googleapis.com/css2?family=Rubik:ital | https://react.dev/errors/ | |
| http://www.w3.org/2000/svg | http://www.w3.org/1998/Math/MathML | |
| http://www.w3.org/1999/xlink | http://www.w3.org/XML/1998/namespace | |
| https://git.io/JUIaE# | https://chrome.google.com/webstore/detail/ffejlioijcokmblckiijnjcmfidjppdn/reviews | |
| https://autorefreshplus.in/privacy |
Raw Manifest
{ "name": "__MSG_extensionName__", "icons": { "32": "icon128.png", "64": "icon128.png", "128": "icon128.png" }, "action": { "default_popup": "index.html", "default_title": "__MSG_extensionTitle__" }, "version": "3.0.0", "background": { "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_extensionDescription__", "permissions": [ "storage" ], "default_locale": "en", "host_permissions": [ "<all_urls>" ], "manifest_version": 3 }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
Loading Secure Annex data...
Unable to load Secure Annex data.
This extension may not yet be analyzed by Secure Annex.
Detections
0Critical
0
High
0
Medium
0
Low
0
Has Verdicts
Yes
Manifest Findings
0Critical
0
High
0
Medium
0
Low
0
Secure Annex analyzed version: -