Extension Details
Context-Aware Verdict
The extension has a relatively small user base of 7,000 users with only 4 ratings, which provides limited community validation. The 4.0 rating is decent but based on very few reviews. The lack of clear author information and developer details raises transparency concerns. The extension appears to be related to a service at gograyscale.com, suggesting it may be a legitimate productivity tool for website grayscale filtering.
The most significant concern is the combination of broad host permissions covering all URLs and content script injection capabilities across all websites. This creates a powerful attack surface that could be exploited to steal credentials, personal data, or track browsing behavior across the entire web. The storage permission, while necessary for functionality, combined with these broad permissions could enable persistent data collection. The contextMenus permission is relatively benign but adds to the overall permission footprint.
Given the high-risk profile, consider running this extension in a separate Chrome profile dedicated to non-sensitive browsing activities. Before installation, verify the legitimacy of the gograyscale.com service and ensure it aligns with your needs. Monitor the extension's behavior after installation and consider alternatives with more limited permissions if available. Only install if the grayscale functionality is essential to your workflow, and regularly review whether you still need it installed.
Findings
Security Analysis Details
Required Permissions:
- sidePanel
- storage
- alarms
- contextMenus
- scripting
Host Permissions:
- https://app.gograyscale.com/*
- <all_urls>
Embedded URLs (16 total):
| http://stackoverflow.com/a/16459606/376773 | https://github.com/facebook/react-native/pull/1632 | |
| http://stackoverflow.com/a/398120/376773 | https://developer.mozilla.org/en-US/docs/Tools/Web_Console#Styling_messages | |
| https://clients2.google.com/service/update2/crx | https://app.gograyscale.com/ | |
| http://ecma-international.org/ecma-262/7.0/#sec-object.prototype.tostring | http://www.ecma-international.org/ecma-262/7.0/#sec-ecmascript-language-types | |
| http://ecma-international.org/ecma-262/7.0/#sec-patterns | http://ecma-international.org/ecma-262/7.0/#sec-samevaluezero | |
| http://ecma-international.org/ecma-262/7.0/#sec-tolength | http://ecma-international.org/ecma-262/7.0/#sec-object.keys | |
| http://ecma-international.org/ecma-262/7.0/#sec-properties-of-the-map-prototype-object | http://www.ecma-international.org/ecma-262/7.0/#sec-regexp.prototype.tostring | |
| https://bugs.webkit.org/show_bug.cgi?id=156034 | https://css-tricks.com/debouncing-throttling-explained-examples/ |
Raw Manifest
{ "name": "Grayscale", "icons": { "16": "images/logo-16.png", "32": "images/logo-32.png", "48": "images/logo-48.png", "128": "images/logo-128.png" }, "action": { "default_title": "Click to open panel" }, "version": "2.0.4.0", "background": { "type": "module", "service_worker": "background.js" }, "side_panel": { "default_path": "sidepanel/index.html" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "The AI messaging platform for all your talent needs", "permissions": [ "sidePanel", "storage", "alarms", "contextMenus", "scripting" ], "content_scripts": [ { "js": [ "toggle.js" ], "matches": [ "<all_urls>" ] } ], "host_permissions": [ "https://app.gograyscale.com/*", "<all_urls>" ], "manifest_version": 3, "externally_connectable": { "matches": [ "https://app.gograyscale.com/*" ] }, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "content.js", "content.js.map", "toggle.js", "toggle.js.map", "assets/*", "images/*" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.