Extension Details
Context-Aware Verdict
The extension is developed by the official GNOME project (extensions.gnome.org), which is a well-established open-source desktop environment with strong community backing. With 700,000 users and a 3.8-star rating, it demonstrates reasonable adoption and user satisfaction. The extension serves a legitimate technical purpose - integrating Chrome with GNOME Shell extensions management.
The nativeMessaging permission allows direct communication with native applications on your system, which could potentially be exploited if the extension or GNOME infrastructure were compromised. While the host permissions are appropriately limited to official GNOME domains, the combination of native messaging with storage and notifications creates multiple attack vectors. The extension essentially acts as a bridge between your browser and desktop environment, which inherently carries elevated risk.
This extension is generally safe for users of GNOME desktop environments who need to manage shell extensions through their browser. The risk is acceptable given its official source and specific functionality. However, users should ensure they're running updated versions of both the extension and GNOME Shell. If you don't actively use GNOME Shell extensions or have switched to a different desktop environment, consider removing this extension to reduce your attack surface. Monitor for any unusual system behavior or unexpected notifications after installation.
Findings
Security Analysis Details
Required Permissions:
- nativeMessaging
- notifications
- storage
Optional Permissions:
- idle
Host Permissions:
- https://extensions.gnome.org/
- https://extensions-next.gnome.org/
Embedded URLs (12 total):
| https://extensions.gnome.org | http://gnome.cult.bg | |
| http://gnome.cult.bg/bugs | http://www.dansk-gruppen.dk | |
| https://launchpad.net/~trebelnik-stefina | https://nl.gnome.org | |
| https://gnome.pages.gitlab.gnome.org/gnome-browser-integration/extension- | https://extensions.gnome.org/ | |
| https://extensions-next.gnome.org/ | https://gnome.pages.gitlab.gnome.org/gnome-browser-integration/pages/installation-guide.html | |
| https://wiki.gnome.org/Projects/GnomeShell/Extensions/UUIDGuidelines | https://clients2.google.com/service/update2/crx |
Raw Manifest
{ "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlig8TAPPQZinMkJnptC0ldizx6fG9jSjZDJ9c8GuLcXeGRH+NMlQuPC9bR5IQlT7+4VY/1tm1+IZ4xvITx1wXCNTR+KXzZv3VNc2D+logehK7oIRTRj0fLhixrx4NLSNK7L7HgV2xcIoW6QV0jOdFcTPL0mWXodXSzZePrvXuflF7qpwNxLzYVi04Vh3xu2oR2Pc9SwfZ4SNbyCaunH/p8n5AYmDuogI2Ah++RZw0ctnqn7mmHrGXteBu/vkpcHZu3B3eW9PFSrv69rRs8duybYR9C91hJm6yzRqZqIpindIU3k2HnNWeCFWkRVpZPhaNVoxcBUO7wWUUwdIflW2JwIDAQAB", "name": "__MSG_gs_chrome__", "icons": { "16": "icons/GnomeLogo-16.png", "48": "icons/GnomeLogo-48.png", "128": "icons/GnomeLogo-128.png" }, "action": { "default_icon": { "16": "icons/GnomeLogo-16.png", "32": "icons/GnomeLogo-32.png" }, "default_title": "__MSG_open_website__" }, "author": "Yuri Konotopov <ykonotopov@gnome.org>", "version": "12.1", "background": { "type": "module", "service_worker": "extension.js" }, "options_ui": { "page": "options.html", "open_in_tab": false }, "short_name": "GS Chrome", "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_manifest_description__", "permissions": [ "nativeMessaging", "notifications", "storage" ], "default_locale": "en", "content_scripts": [ { "js": [ "include/constants-script.js", "include/compat-content-script.js", "content-script-start.js" ], "run_at": "document_start", "matches": [ "https://extensions.gnome.org/*", "https://extensions-next.gnome.org/*" ] } ], "host_permissions": [ "https://extensions.gnome.org/", "https://extensions-next.gnome.org/" ], "manifest_version": 3, "optional_permissions": [ "idle" ], "externally_connectable": { "matches": [ "https://extensions.gnome.org/*", "https://extensions-next.gnome.org/*" ] }, "web_accessible_resources": [ { "matches": [ "https://extensions.gnome.org/*", "https://extensions-next.gnome.org/*" ], "resources": [ "include/sweettooth-api.js" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.