View Image Button

Version 0.1.7 View in Chrome Web Store

Last scanned: 1 day ago | force re-scan

Extension Details

Rating: 4.0 ★ (64 ratings)

Users: 10,000

Context-Aware Verdict

MEDIUM

Overall Risk

Trust Factors:

The extension has a moderate user base of 10,000 users with a decent 4.0-star rating from 64 reviews, suggesting general user satisfaction. However, the lack of developer information and company details raises some transparency concerns. The extension appears to serve a legitimate purpose of adding view image functionality.

Concerns:

The primary concern is the broad content script injection capability that allows the extension to run on all websites (*://*/*). This is particularly problematic for an image viewing tool, as it grants unnecessary access to sensitive sites like banking, email, and social media platforms. The extension could potentially intercept user data, modify website content, or capture credentials on any site you visit. The storage permission, while less concerning, allows the extension to save data locally which could include browsing patterns or other information.

Recommendations:

Consider running this extension in a separate Chrome profile dedicated to casual browsing to limit exposure of sensitive accounts. Before installing, verify that the functionality truly requires access to all websites - a legitimate image viewer should ideally only need access to image hosting sites or specific domains. Monitor the extension's behavior and consider alternatives that request more limited permissions. If you must use this extension, avoid using it while accessing sensitive websites like online banking or work-related platforms.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Raw Manifest

{
  "name": "View Image Button",
  "icons": {
    "16": "data/icons/16.png",
    "32": "data/icons/32.png",
    "48": "data/icons/48.png",
    "64": "data/icons/64.png",
    "128": "data/icons/128.png"
  },
  "action": {
    "default_icon": {
      "16": "data/icons/16.png",
      "32": "data/icons/32.png",
      "48": "data/icons/48.png",
      "64": "data/icons/64.png"
    },
    "default_title": "View Image Button"
  },
  "version": "0.1.7",
  "commands": {
    "_execute_action": {}
  },
  "background": {
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Bring back the view image button for Google image search results.",
  "permissions": [
    "storage"
  ],
  "homepage_url": "https://mybrowseraddon.com/view-image-button.html",
  "content_scripts": [
    {
      "js": [
        "data/content_script/inject.js"
      ],
      "run_at": "document_start",
      "matches": [
        "*://*/*"
      ],
      "include_globs": [
        "*://*.google.*/*"
      ]
    }
  ],
  "manifest_version": 3
}

by ✦ Astarte

View Image Button

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Embedded URLs (2 total):

Raw Manifest

Detections

Manifest Findings