[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

LambdaTest

Version 3.1.2 View in Chrome Web Store

Last scanned: about 13 hours ago

Extension Details

Developer: LambdaTest, Inc.

Rating: 4.3 ★ (21 ratings)

Users: 5,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

LambdaTest is a legitimate cloud-based testing platform company with a recognizable brand in the software testing industry. The extension has a decent rating of 4.3/5 stars, though based on only 21 reviews. However, the relatively low user count of 5,000 users for an established company suggests either limited adoption or a specialized use case.

Concerns:

The extension requests extremely broad permissions that appear excessive for a testing tool. The combination of tabs permission with universal host permissions (http://*/*, https://*/*) creates significant privacy and security risks. This allows the extension to access and potentially manipulate content on every website you visit, read sensitive information from banking sites, social media, and other private accounts. The storage permission, while less concerning individually, combined with the broad access could enable data collection and tracking across all browsing activity.

Recommendations:

Given the high-risk permission combination, consider running this extension in a dedicated Chrome profile used only for testing activities. Avoid using the same browser profile for personal browsing, banking, or accessing sensitive accounts. Before installation, verify this extension is actually needed for your LambdaTest workflow, as many testing platforms offer alternative integration methods. Regularly review what data the extension might be collecting and consider disabling it when not actively testing.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Security Analysis Details

Required Permissions:

storage
tabs

Host Permissions:

http://*/*
https://*/*

Content Security Policy:

extension_pages: script-src 'self'; object-src 'self';

Embedded URLs (119 total):

https://fonts.googleapis.com/css?family=Lato:100	https://clients2.google.com/service/update2/crx
https://www.robotstxt.org/robotstxt.html	https://github.com/zloirock/core-js/blob/v3.25.5/LICENSE
https://github.com/zloirock/core-js	https://reactjs.org/docs/error-decoder.html?invariant=
http://www.w3.org/1999/xlink	http://www.w3.org/XML/1998/namespace
http://www.w3.org/1999/xhtml	http://www.w3.org/2000/svg
http://www.w3.org/1998/Math/MathML	https://reactjs.org/link/react-polyfills
http://fb.me/use-check-prop-types	https://github.com/axios/axios.git
https://github.com/axios/axios/issues	https://axios-http.com
https://github.com/uuidjs/uuid#getrandomvalues-not-supported	https://accounts.lambdatest.com
https://app.lambdatest.com	https://manual-api.lambdatest.com
https://api.lambdatest.com	https://links.lambdatest.com
https://msteams-integrations.lambdatest.com	https://accounts.lambdatest.com/api/user
https://accounts.lambdatest.com/register	https://accounts.lambdatest.com/user/profile
https://github.com/faisalman/ua-parser-js	http://feross.org
https://feross.org/opensource	https://prestage-app-api.lambdatest.com
https://prestage-api.lambdatest.com	https://prestage-links.lambdatest.com
https://msteams-prestage-integrations.lambdatest.com	https://prestage-app.lambdatest.com
https://prestage-accounts.lambdatest.com/api/user	https://prestage-accounts.lambdatest.com
https://bit.ly/CRA-vitals	http://fb.me/prop-types-in-prod
http://www.webtoolkit.info/	https://developer.mozilla.org/en/dom/storage#globalStorage
http://msdn.microsoft.com/en-us/library/ms531424	https://bugs.chromium.org/p/v8/issues/detail?id=4118
https://bugs.chromium.org/p/v8/issues/detail?id=3056	https://github.com/sindresorhus/query-string/issues/47
https://github.com/sindresorhus/query-string/pull/37	http://w3.org/TR/2012/WD-url-20120524/#collect-url-parameters
https://gist.github.com/982883	https://amplitude.com
https://amplitude.github.io/Amplitude-JavaScript/Options	https://developers.amplitude.com/docs/setting-user-groups
https://amplitude.github.io/Amplitude-JavaScript/Identify/	https://amplitude.github.io/Amplitude-JavaScript/Revenue/
https://amplitude.github.io/Amplitude-JavaScript/	https://github.com/amplitude/Amplitude-JavaScript/blob/ed405afb5f06d5cf5b72539a5d09179abcf7e1fe/README.md#300-update-and-logging-events-to-multiple-amplitude-apps
https://github.com/amplitude/Amplitude-JavaScript/blob/master/src/options.js#L14	https://github.com/Modernizr/Modernizr/blob/master/LICENSE
https://github.com/Modernizr/Modernizr/blob/master/feature-detects/history.js	https://github.com/reactjs/react-router/issues/586
https://github.com/ReactTraining/history/pull/289	https://github.com/pillarjs/path-to-regexp/blob/master/index.js#L202
https://github.com/zloirock/core-js/issues/86#issuecomment-115759028	https://tc39.es/ecma262/#sec-object.prototype.propertyisenumerable
https://github.com/zloirock/core-js/issues/1128	https://github.com/zloirock/core-js/issues/1130
https://github.com/mozilla/rhino/issues/346	https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot-aec
https://tc39.es/ecma262/#sec-requireobjectcoercible	https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
https://tc39.es/ecma262/#sec-iscallable	https://tc39.es/ecma262/#sec-getmethod
https://tc39.es/ecma262/#sec-ordinarytoprimitive	https://tc39.es/ecma262/#sec-toobject
https://tc39.es/ecma262/#sec-hasownproperty	https://tc39.es/ecma262/#sec-toprimitive
https://tc39.es/ecma262/#sec-topropertykey	https://tc39.es/ecma262/#sec-object.getownpropertydescriptor
https://bugs.chromium.org/p/v8/issues/detail?id=3334	https://tc39.es/ecma262/#sec-object.defineproperty
https://tc39.es/ecma262/#sec-math.trunc	https://tc39.es/ecma262/#sec-tointegerorinfinity

Page 1 of 2

Raw Manifest

{
  "name": "LambdaTest",
  "icons": {
    "16": "favicon-16x16.png",
    "32": "favicon-32x32.png",
    "96": "favicon-96x96.png"
  },
  "action": {
    "default_popup": "index.html",
    "default_title": "LambdaTest"
  },
  "version": "3.1.2",
  "incognito": "not_allowed",
  "short_name": "LambdaTest",
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Perform Live Interactive and Automated Cross Browser Testing on 2000+ Real Browsers and Operating Systems",
  "permissions": [
    "storage",
    "tabs"
  ],
  "host_permissions": [
    "http://*/*",
    "https://*/*"
  ],
  "manifest_version": 3,
  "content_security_policy": {
    "extension_pages": "script-src 'self'; object-src 'self';"
  }
}

by ✦ Astarte

LambdaTest

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Content Security Policy:

Embedded URLs (119 total):

Raw Manifest

Detections

Manifest Findings