[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Riverside DataManager

Version 0.0.0.12 View in Chrome Web Store

Last scanned: about 2 hours ago

Extension Details

Rating: 5.0 ★ (2 ratings)

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has extremely limited trust indicators with only 2 ratings and a perfect 5.0 score, which is insufficient for meaningful assessment. The lack of visible user count, missing author information, and absent developer details raise significant red flags. The extension name "Riverside DataManager" suggests data management functionality, but without proper documentation or company backing, its legitimacy is questionable.

Concerns:

The permission set is highly concerning for an extension with unclear purpose and minimal adoption. The clipboardWrite permission poses the highest risk as it allows modification of clipboard content, potentially enabling credential theft or malicious data injection. The webview permission creates additional attack surfaces by allowing embedded web content. The audioCapture and videoCapture permissions are particularly alarming for a "data manager" - these suggest surveillance capabilities that seem unrelated to data management. The system.display permission provides unnecessary system access, and the combination of all these permissions creates a powerful toolkit for malicious activities.

Recommendations:

Do not install this extension due to the high-risk permission combination and lack of trustworthy indicators. If data management functionality is needed, seek well-established alternatives from verified developers with substantial user bases and transparent company information. The excessive permissions relative to the stated purpose suggest potential malware or surveillance software.

Findings

HIGH

High-Risk Permission: clipboardWrite

This extension has the clipboardWrite permission. Can modify clipboard content. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

MEDIUM

Medium-Risk Permission: webview

This extension has the webview permission. Can embed web content in the extension.

MEDIUM

Older Manifest Version

This extension uses Manifest Version 2, which has fewer security restrictions than Manifest V3. Consider using extensions that have upgraded to V3.

Raw Manifest

{
  "app": {
    "background": {
      "scripts": [
        "main.js"
      ]
    }
  },
  "name": "Riverside DataManager",
  "icons": {
    "128": "AppIcon128.png"
  },
  "version": "0.0.0.12",
  "commands": {
    "exit-app": {
      "description": "Exit the app",
      "suggested_key": {
        "default": "Ctrl+Q"
      }
    }
  },
  "short_name": "Riverside DataManager",
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Riverside DataManager",
  "permissions": [
    "webview",
    "clipboardWrite",
    "system.display",
    "storage",
    "tts",
    "audioCapture",
    "videoCapture"
  ],
  "kiosk_enabled": true,
  "manifest_version": 2,
  "minimum_chrome_version": "35"
}

by ✦ Astarte

http://www.starttest.com/custom/riverside/chrome/readiness.html	http://itbscogat.starttest.com
https://clients2.google.com/service/update2/crx	http://colorzilla.com/gradient-editor/#d0dbf6+0

Riverside DataManager

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Embedded URLs (4 total):

Raw Manifest

Detections

Manifest Findings