Axure Cloud Extension
Version 1.2.1 View in Chrome Web Store
Last scanned: 16 days ago
| force re-scan
Extension Details
Developer:
axure.com
Rating:
3.3 ★
(18 ratings)
Users:
10,000
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
HIGH
Risk Level
Trust Factors:
- The extension is published by axure.com, which appears to be a legitimate company that develops software for creating user experience documentation and prototypes.
- The extension has a relatively high number of users (10,000), which suggests some level of trust and popularity.
- However, the rating of 3.3 out of 5 stars from 18 reviews is not particularly high, indicating potential issues or concerns from users.
Concerns:
- The extension requests the "tabs" permission, which allows it to access and manipulate browser tabs, potentially compromising security or privacy.
- It has broad host permissions (<all_urls>), enabling it to access any website, which could be exploited for data theft or tracking browsing activity.
- The extension can inject content scripts into any website (<all_urls>), which could be used to read sensitive data, modify website content, or steal credentials.
Recommendations:
- Exercise caution when using this extension, as it has broad permissions that could potentially be exploited for malicious purposes.
- Consider running the extension in a separate browser profile or a sandboxed environment to isolate it from your main browsing activity and sensitive data.
- Regularly review the extension's permissions and behavior, and uninstall it if you notice any suspicious activity or if it requests additional permissions beyond what is necessary for its stated functionality.
- Check for updates from the developer and reputable sources to ensure you are using the latest version with any security fixes or improvements.
- Consider using alternative extensions or tools from trusted sources if possible, especially if this extension is not essential for your workflow.
Security Analysis
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
Overall Risk
Based on 3 total findings, ranked without considering overall context, including 3 high-risk and 0 medium-risk findings.
HIGH
Broad Content Script Injection
This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.
HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
HIGH
High-Risk Permission: tabs
This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.
Security Analysis Details
Required Permissions:
- tabs
Host Permissions:
- <all_urls>
Embedded URLs (1 total):
| https://clients2.google.com/service/update2/crx |
Raw Manifest
{ "name": "Axure Cloud Extension", "icons": { "16": "cloud_16.png", "32": "cloud_32.png", "64": "cloud_64.png", "128": "cloud_128.png" }, "action": { "default_icon": "cloud_16.png", "default_title": "Axure Cloud Screenshot Extension" }, "version": "1.2.1", "commands": { "shortcutScreenshot": { "description": "Create Screenshot via Keyboard", "suggested_key": { "mac": "Ctrl+Shift+1", "default": "Ctrl+Shift+1" } } }, "background": { "type": "module", "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Capture screenshots of your prototype to attach to Axure Cloud comments. When commenting, click the camera icon to add a screenshot.", "permissions": [ "tabs" ], "content_scripts": [ { "js": [ "axScreenshot.js" ], "run_at": "document_end", "matches": [ "<all_urls>" ], "all_frames": true } ], "host_permissions": [ "<all_urls>" ], "manifest_version": 3 }
Secure Annex (beta)
Coming soon...