[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Anki Dictionary

Version 2.1.15 View in Chrome Web Store

Last scanned: about 12 hours ago

Extension Details

Developer: wordwise.me

Rating: 4.1 ★ (22 ratings)

Users: 1,000

Context-Aware Verdict

CRITICAL

Overall Risk

Trust Factors:

The extension has a relatively small user base of only 1,000 users, which limits community validation. The 4.1 rating from 22 reviews provides minimal confidence given the small sample size. The developer "wordwise.me" appears to be associated with a language learning service, which aligns with the extension's purpose as an Anki dictionary tool. However, the lack of detailed developer information and limited adoption raises trust concerns.

Concerns:

The extension exhibits several red flags that justify the critical risk rating. The identity permission is particularly concerning as it can access personal authentication data, which seems unnecessary for a dictionary function. The tabs permission combined with broad content script injection across all URLs creates significant privacy and security risks. The extension can read and modify content on every website you visit, potentially capturing sensitive information like passwords, financial data, or personal communications. The host permissions to Supabase and Google Analytics suggest data collection and external transmission capabilities.

Recommendations:

Given the critical risk level, avoid installing this extension on your primary browser profile. If you must use it, create a dedicated Chrome profile specifically for this extension and limit your browsing activities in that profile to non-sensitive websites. Consider alternative Anki dictionary extensions with more restrictive permissions or use standalone dictionary applications instead. The broad permissions far exceed what's typically necessary for dictionary functionality, making this extension unsuitable for general use.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: identity

This extension has the identity permission. Can access your identity information. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Access to Sensitive Domains

This extension requests access to sensitive domains: https://wordwise.me/*, https://www.google-analytics.com/*. Ensure you trust this extension with access to these sites.

MEDIUM

Medium-Risk Permission: contextMenus

This extension has the contextMenus permission. Can add items to the context menu.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Security Analysis Details

Required Permissions:

contextMenus
identity
tabs
storage

Host Permissions:

https://*.supabase.co/*
https://wordwise.me/*
https://www.google-analytics.com/*

Embedded URLs (27 total):

http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd	http://www.w3.org/2000/svg
http://www.w3.org/1999/xlink	http://www.serif.com/
https://rgkbbviwwtmranlbtcue.supabase.co	https://wordwise.me/api/lookup
https://api-prod.ankiwords.xyz/words/	https://wordwise.me
https://docs.google.com/forms/d/e/1FAIpQLSf1kT4XokXgvjdf_61xT8G-rhcMQk6E3hQBGzaIowuyEGJDjw/viewform	https://www.google-analytics.com/mp/collect
https://developer.mozilla.org/en-US/docs/Web/API/LockManager/request	https://github.com/orgs/supabase/discussions/37217
https://wordwise.me?utm_source=ww-card&utm_medium=referral	https://wordwise.me/report-error?utm_source=ww-card&utm_medium=referral
https://wordwise.me/faq?utm_source=ww-card&utm_medium=referral&utm_campaign=error-hint#how-to-install-ankiconnect	https://dictionary.cambridge.org
https://clients2.google.com/service/update2/crx	https://wordwise.me/
https://www.google-analytics.com/	https://dictionary.cambridge.org/media/english/uk_pron/u/ukb/ukbut/ukbutte003.mp3
https://apps.ankiweb.net	https://ankiweb.net/shared/info/2055492159
https://react.dev/errors/	http://www.w3.org/1998/Math/MathML
http://www.w3.org/XML/1998/namespace	https://ankiwords.xyz/howto#prep
https://undraw.co/

Raw Manifest

{
  "name": "Anki Dictionary",
  "icons": {
    "48": "icon/48.png",
    "64": "icon/64.png",
    "96": "icon/96.png",
    "128": "icon/128.png",
    "196": "icon/196.png"
  },
  "action": {
    "default_popup": "popup.html",
    "default_title": "Anki Dictionary by Wordwise"
  },
  "version": "2.1.15",
  "background": {
    "service_worker": "background.js"
  },
  "options_ui": {
    "page": "options.html"
  },
  "short_name": "Anki Dictionary",
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Look up words instantly and save them as Anki flashcards, 100x faster than manual entry. Any language, auto-detected.",
  "permissions": [
    "contextMenus",
    "identity",
    "tabs",
    "storage"
  ],
  "content_scripts": [
    {
      "js": [
        "content-scripts/lookup.js"
      ],
      "matches": [
        "<all_urls>"
      ]
    }
  ],
  "host_permissions": [
    "https://*.supabase.co/*",
    "https://wordwise.me/*",
    "https://www.google-analytics.com/*"
  ],
  "manifest_version": 3
}

by ✦ Astarte

Anki Dictionary

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (27 total):

Raw Manifest

Detections

Manifest Findings