Animated Cursors Forever!
Version 1.5 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has a modest user base of 7,000 users with a below-average rating of 3.6 stars from only 30 reviews, which suggests limited user satisfaction or engagement. The lack of developer information and missing last updated date raises transparency concerns. For a cursor animation extension, the functionality appears straightforward and legitimate.
The primary concern is the broad content script injection capability across all websites (<all_urls>), which is excessive for a cursor animation tool. This permission allows the extension to access and potentially modify content on every website you visit, including sensitive sites like banking or email platforms. While cursor animations require some web page interaction, the scope seems unnecessarily broad. The storage permission, while lower risk, allows data collection and storage on your device.
Consider running this extension in a separate Chrome profile dedicated to non-sensitive browsing activities. This isolates it from your main browsing profile containing important accounts and personal data. Before installation, evaluate if animated cursors are worth the privacy trade-off. Monitor the extension's behavior and remove it if you notice any suspicious activity or performance issues. Consider alternatives that might offer similar functionality with more limited permissions, or simply use your operating system's built-in cursor customization options instead.
Findings
Security Analysis Details
Required Permissions:
- storage
Embedded URLs (18 total):
| https://chrome.google.com/webstore/detail/glbompdcoknijlagjdallgimohbcopem | https://lettucegoblin.github.io/animated-cursors-forever/ | |
| https://stackoverflow.com/questions/13932291/css-cursor-using-data-uri | https://stackoverflow.com/questions/48304752/converting-a-png-jpg-to-ico-in-javascript | |
| https://stackoverflow.com/questions/38004917/how-to-render-a-blob-on-a-canvas-element | https://www.gdgsoft.com/anituner/help/aniformat.htm | |
| http://www.toolsandtips.de/Tutorial/Aufbau-Animierte-Cursor.htm | https://gist.github.com/grassmunk/93d46d6b665d210215cde9331e875d17 | |
| https://stackoverflow.com/questions/32556664/getting-byte-array-through-input-type-file | https://developer.mozilla.org/en-US/docs/Web/API/File | |
| https://developer.mozilla.org/en-US/docs/Web/CSS/CSS_Basic_User_Interface/Using_URL_values_for_the_cursor_property | https://developer.mozilla.org/en-US/docs/Web/API/Element/animate | |
| https://fsf.org/ | https://www.gnu.org/licenses/ | |
| https://www.gnu.org/licenses/why-not-lgpl.html | https://clients2.google.com/service/update2/crx | |
| https://www.cursors-4u.com/ | https://stackoverflow.com/a/16245768 |
Raw Manifest
{ "name": "Animated Cursors Forever!", "icons": { "16": "icon16.png", "32": "icon32.png", "128": "icon128.png", "256": "icon256.png" }, "action": { "default_popup": "popup.html" }, "version": "1.5", "background": { "service_worker": "service-worker.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Chrome extension that brings animated cursors back to the web! Supports .ani and .cur files.", "permissions": [ "storage" ], "content_scripts": [ { "js": [ "animcursors.js", "injectCursor.js" ], "matches": [ "<all_urls>" ] } ], "manifest_version": 3 }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.