Extension Details
Context-Aware Verdict
ZoomInfo is a legitimate B2B contact database company with a substantial user base of 400,000 downloads. The extension maintains a reasonable 3.9-star rating from 257 reviews, indicating general user satisfaction. The company is well-established in the business intelligence sector, which adds credibility to the extension's purpose.
The extension's broad permissions are concerning given its business intelligence nature. The combination of tabs permission, universal host permissions, and content script injection across all websites creates significant privacy risks. While ZoomInfo legitimately needs to access websites to gather business contact information, these permissions could theoretically allow comprehensive browsing surveillance and data collection beyond stated purposes. The access to Google's new tab page suggests potential tracking of search behavior.
The extension essentially has the technical capability to monitor all web activity, read sensitive information from any website, and store this data locally. For a contact intelligence tool, this level of access raises questions about data collection scope and user privacy.
Consider running this extension in a separate Chrome profile dedicated to business research activities. Review ZoomInfo's privacy policy carefully to understand data collection practices. Regularly audit what data the extension has access to through Chrome's extension management settings. If you only use ZoomInfo occasionally, consider disabling the extension when not actively needed for prospecting work.
Findings
Security Analysis Details
Required Permissions:
- tabs
- storage
- contextMenus
Host Permissions:
- http://*/
- https://*/
- https://www.google.com/_/chrome/newtab*
Content Security Policy:
- extension_pages: script-src 'self'; object-src 'self'
Embedded URLs (103 total):
| https://sindresorhus.com | https://openjsf.org/ | |
| http://www.apache.org/licenses/LICENSE-2.0 | http://underscorejs.org/ | |
| https://github.com/lodash/lodash | http://creativecommons.org/publicdomain/zero/1.0/ | |
| https://github.com/joyent/node | http://www.apache.org/licenses/ | |
| https://angular.io/license | http://www.w3.org/2000/svg | |
| http://www.w3.org/1999/xlink | https://events.zoominfo.com | |
| https://www.linkedin.com/in/hschuck?ziroao=true | https://evilmartians.com/chronicles/postcss-8-plugin-migration | |
| https://www.w3ctech.com/topic/2226 | https://github.com/apostrophecms/sanitize-html/issues/547 | |
| https://resumes.indeed.com/search/person.xyz | https://dev.zoominfo.com:3443 | |
| https://dev.zoominfo.com:44350 | https://dev.zoominfo.com:4200 | |
| https://login-staging.zoominfo.com/chrome-extension-login | https://cex-stg.zoominfo.com/cex-scraper-config-v1 | |
| https://cex-stg.zoominfo.com/unsupported-pages.json | https://cex-stg.zoominfo.com/notification-trigger-urls.config.json | |
| https://cex-stg.zoominfo.com/pixel-relevant-hosts-v2.jsonl | https://reachout-pixel-stg.zoominfo.com | |
| https://zi-lite-dev.zoominfo.com | https://essentials-dev.zoominfo.com | |
| https://dev.zoominfo.com:8080 | https://dozi-staging.zoominfo.com | |
| https://ro-dev.zoominfo.com | https://recruiter-app-staging.zoominfo.com | |
| https://selfparser-stg.zoominfo.com | https://dozi-staging.zoominfo.com/versions/default/regression | |
| https://ro-regression.zoominfo.com | https://zi-lite-regression.zoominfo.com | |
| https://essentials-regression.zoominfo.com | https://app-preprod.zoominfo.com | |
| https://ro-pre-prd.zoominfo.com | https://recruiter-app-pre.zoominfo.com | |
| https://login-preprod.zoominfo.com/chrome-extension-login | https://cex.zoominfo.com/cex-scraper-config-v1 | |
| https://cex.zoominfo.com/unsupported-pages.json | https://cex.zoominfo.com/notification-trigger-urls.config.json | |
| https://cex.zoominfo.com/pixel-relevant-hosts-v2.jsonl | https://app.zoominfo.com | |
| https://zi-lite-pre-prd.zoominfo.com | https://essentials-pre-prd.zoominfo.com | |
| https://selfparser.zoominfo.com | https://ro.zoominfo.com | |
| https://recruiter-app.zoominfo.com | https://login.zoominfo.com/chrome-extension-login | |
| https://zi-lite.zoominfo.com | https://essentials.zoominfo.com | |
| https://selfparser.zoominfo.com/config | http://www.w3.org/1999/xhtml | |
| http://www.w3.org/XML/1998/namespace | http://www.w3.org/2000/xmlns/ | |
| http://www.w3.org/1998/MathML/ | https://storage.googleapis.com/yazi-prd-pet-llama-frontend-assets.zoominfo.com/assets/font-awesome/master/frontend-font-awesome/latest/css/custom-icons.css | |
| https://assets.zoominfo.co/fonts/font-awesome/fa-brands-400.woff2 | https://assets.zoominfo.co/fonts/font-awesome/fa-brands-400.ttf | |
| https://assets.zoominfo.co/fonts/font-awesome/fa-duotone-900.woff2 | https://assets.zoominfo.co/fonts/font-awesome/fa-duotone-900.ttf | |
| https://assets.zoominfo.co/fonts/font-awesome/fa-light-300.woff2 | https://assets.zoominfo.co/fonts/font-awesome/fa-light-300.ttf | |
| https://assets.zoominfo.co/fonts/font-awesome/fa-regular-400.woff2 | https://assets.zoominfo.co/fonts/font-awesome/fa-regular-400.ttf | |
| https://assets.zoominfo.co/fonts/font-awesome/fa-solid-900.woff2 | https://assets.zoominfo.co/fonts/font-awesome/fa-solid-900.ttf | |
| https://assets.zoominfo.co/fonts/font-awesome/fa-thin-100.woff2 | https://assets.zoominfo.co/fonts/font-awesome/fa-thin-100.ttf | |
| https://assets.zoominfo.co/fonts/font-awesome/fa-v4compatibility.woff2 | https://assets.zoominfo.co/fonts/font-awesome/fa-v4compatibility.ttf | |
| https://fontawesome.com | https://fontawesome.com/license | |
| https://assets.zoominfo.co/fonts/icomoon/ZoomInfoDesignSystemV2/symbol-defs.svg | https://assets.zoominfo.co/fonts/icomoon/ZoomInfoDesignSystemV2/ZoomInfoDesignSystemV2.css | |
| https://api2.amplitude.com/2/httpapi | https://api.eu.amplitude.com/batch |
Raw Manifest
{ "name": "ZoomInfo Chrome Extension", "icons": { "16": "assets/image/16x16.png", "32": "assets/image/32x32.png", "48": "assets/image/48x48.png", "128": "assets/image/128x128.png" }, "action": { "default_icon": "assets/image/16x16.png" }, "version": "11.39.0", "commands": { "toggle-extension": { "description": "Open the ZoomInfo Chrome Extension", "suggested_key": { "mac": "Command+J", "default": "Ctrl+J" } } }, "background": { "type": "module", "service_worker": "background.bundle.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Access ZoomInfo's best-in-class contact and company data on any website using our Chrome Extension. Free for ZoomInfo customers.", "permissions": [ "tabs", "storage", "contextMenus" ], "content_scripts": [ { "js": [ "index.bundle.js" ], "css": [ "styles.css" ], "run_at": "document_start", "matches": [ "<all_urls>" ], "exclude_globs": [ "*-dev.zoominfo.com*", "*-staging.zoominfo.com*", "*-regression.zoominfo.com*", "*app.zoominfo.com*", "*apps.zoominfo.com*", "*admin.zoominfo.com*", "*copilot.zoominfo.com*", "*copilot-dev.zoominfo.com*", "*-preprod.zoominfo.com*", "*-pre-prd.zoominfo.com*", "*login.zoominfo.com*", "*zi-lite.zoominfo.com*", "*zi-lite-pre-prd.zoominfo.com*", "*zi-lite-regression.zoominfo.com*", "*zi-lite-dev.zoominfo.com*", "*essentials.zoominfo.com*", "*gtm-studio.zoominfo.com*" ] } ], "host_permissions": [ "http://*/", "https://*/", "https://www.google.com/_/chrome/newtab*" ], "manifest_version": 3, "externally_connectable": { "ids": [ "*" ], "matches": [ "*://*.zoominfo.com/*", "*://*.chorus.ai/*" ] }, "content_security_policy": { "extension_pages": "script-src 'self'; object-src 'self'" }, "web_accessible_resources": [ { "matches": [ "http://*/*", "https://*/*" ], "resources": [ "assets/*", "index.html" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.