[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Arcify: Arc like vertical tab spaces

Version 5.0.0 View in Chrome Web Store

Last scanned: about 1 hour ago

Extension Details

Rating: 4.4 ★ (36 ratings)

Users: 5,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has a modest user base of 5,000 users with a solid 4.4-star rating from 36 reviews, suggesting users find it functional. However, the lack of visible developer information and company details raises transparency concerns. The extension appears to be a legitimate productivity tool for organizing browser tabs in a vertical layout similar to Arc browser.

Concerns:

The extension requests several high-risk permissions that seem excessive for a tab organization tool. The clipboardWrite permission is particularly concerning as it's unnecessary for managing tabs and could be exploited to inject malicious content. The bookmarks permission also appears unnecessary unless the extension specifically manages bookmark organization. The combination of tabs, scripting, and clipboardWrite permissions creates potential attack vectors for data theft or malicious script injection. The storage permission, while expected for saving user preferences, adds to the overall risk profile.

Recommendations:

Given the high-risk permission combination, consider running this extension in a separate Chrome profile to isolate potential security risks. Before installation, verify that the extension's functionality truly requires bookmark and clipboard access. Monitor the extension's behavior after installation and revoke permissions if possible through Chrome's extension settings. Consider alternative tab management extensions with more limited permission requests if this functionality is essential to your workflow.

Findings

HIGH

High-Risk Permission: bookmarks

This extension has the bookmarks permission. Can access and modify bookmarks. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: clipboardWrite

This extension has the clipboardWrite permission. Can modify clipboard content. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Security Analysis Details

Required Permissions:

tabs
tabGroups
sidePanel
storage
bookmarks
alarms
commands
favicon
scripting
clipboardWrite

Embedded URLs (20 total):

http://fsf.org/	http://www.gnu.org/licenses/
http://www.gnu.org/philosophy/why-not-lgpl.html	https://img.shields.io/badge/License-GPLv3-blue.svg
https://www.gnu.org/licenses/gpl-3.0	https://github.com/nisargkolhe/arcify.git
https://github.com/nisargkolhe/arcify/actions	https://github.com/nisargkolhe/arcify/releases
https://github.com/nisargkolhe/arcify/issues	https://discord.gg/D9jQHQnjNb
https://fonts.googleapis.com	https://fonts.gstatic.com
https://fonts.googleapis.com/css2?family=Varela+Round&display=swap	https://chromewebstore.google.com/detail/arcify-spotlight/pegemlhekkccgoidiphojbpnabahjmff
https://arcify.io?	https://arcify.io
https://clients2.google.com/service/update2/crx	http://www.w3.org/2000/svg
https://fontawesome.com	https://fontawesome.com/license/free

Raw Manifest

{
  "name": "Arcify: Arc like vertical tab spaces",
  "icons": {
    "128": "assets/icon.png"
  },
  "action": {},
  "version": "5.0.0",
  "commands": {
    "NextTabInSpace": {
      "description": "Navigates to next tab in space"
    },
    "PrevTabInSpace": {
      "description": "Navigates to prev tab in space"
    },
    "copyCurrentUrl": {
      "description": "Copy current tab URL"
    },
    "quickPinToggle": {
      "description": "Quick Pin/Unpin Tab",
      "suggested_key": {
        "default": "Alt+D"
      }
    },
    "_execute_action": {
      "description": "Toggle side panel",
      "suggested_key": {
        "default": "Alt+S"
      }
    }
  },
  "background": {
    "type": "module",
    "service_worker": "background.js"
  },
  "side_panel": {
    "default_path": "sidebar.html"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "A sidebar extension that replicates Arc browser's tab management system",
  "permissions": [
    "tabs",
    "tabGroups",
    "sidePanel",
    "storage",
    "bookmarks",
    "alarms",
    "commands",
    "favicon",
    "scripting",
    "clipboardWrite"
  ],
  "options_page": "options.html",
  "manifest_version": 3,
  "externally_connectable": {
    "ids": [
      "*"
    ]
  },
  "web_accessible_resources": [
    {
      "matches": [
        "<all_urls>"
      ],
      "resources": [
        "sidebar.js",
        "onboarding.js",
        "installation-onboarding.js",
        "assets/*",
        "_favicon/*"
      ],
      "extension_ids": [
        "*"
      ]
    }
  ]
}

by ✦ Astarte

Arcify: Arc like vertical tab spaces

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Embedded URLs (20 total):

Raw Manifest

Detections

Manifest Findings