Extension Details
Context-Aware Verdict
The extension has a moderate user base of 10,000 users with a decent 4.3-star rating from 55 reviews, suggesting some level of user satisfaction. However, the lack of clear developer information and missing description raises transparency concerns. The extension uses Manifest V3, which is the more secure standard, and includes a Content Security Policy that restricts script sources to trusted domains including Google Fonts and Firebase.
The extension requests several powerful permissions that could be excessive for a tab management tool. The webNavigation permission allows comprehensive tracking of browsing behavior across all websites, while the tabs permission enables reading and manipulating all browser tabs. The storage permission, while common, allows data persistence. The combination of these permissions creates a significant privacy risk as the extension can monitor, record, and potentially exfiltrate detailed browsing patterns and tab information.
Given the high-risk permissions and limited transparency about the developer, consider running this extension in a separate Chrome profile to isolate it from sensitive browsing activities. Before installation, verify what specific tab management features actually require such broad permissions. Monitor the extension's behavior and consider alternatives with more limited permission requests. If you must use it, regularly review what data it might be collecting and consider your privacy settings carefully.
Findings
Security Analysis Details
Required Permissions:
- storage
- webNavigation
- tabs
- tabGroups
Content Security Policy:
- extension-pages: script-src 'self' https://fonts.googleapis.com/* https://*.firebaseio.com; object-src 'self'
Embedded URLs (21 total):
| https://fonts.googleapis.com/css?family=Roboto:300 | https://fonts.googleapis.com/icon?family=Material+Icons | |
| https://reactjs.org/docs/error-decoder.html?invariant= | http://www.w3.org/1999/xlink | |
| http://www.w3.org/XML/1998/namespace | http://www.w3.org/1999/xhtml | |
| http://www.w3.org/2000/svg | http://www.w3.org/1998/Math/MathML | |
| https://reactjs.org/link/react-polyfills | https://clients2.google.com/service/update2/crx | |
| https://fonts.googleapis.com/ | https://github.com/cssinjs/jss | |
| https://material-ui.com/production-error/?code= | http://jedwatson.github.io/classnames | |
| http://fb.me/use-check-prop-types | https://git.io/JUIaE# | |
| https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/sets/ | https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/ | |
| https://cdn.jsdelivr.net/npm/emoji-datasource- | https://www.google.com/chrome/update/ | |
| https://45845.wayscript.io?env=prod |
Raw Manifest
{ "name": "Acid Tabs", "icons": { "128": "acid-128.png" }, "action": { "default_icon": "acid-32.png", "default_popup": "popup.html" }, "version": "6.5.9", "commands": { "toggle-collapse": { "description": "Toggle collapse", "suggested_key": { "default": "Alt+Shift+C" } } }, "background": { "service_worker": "background.bundle.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Auto-Grouping Magic for your Tabs", "permissions": [ "storage", "webNavigation", "tabs", "tabGroups" ], "options_page": "options.html", "manifest_version": 3, "content_security_policy": { "extension-pages": "script-src 'self' https://fonts.googleapis.com/* https://*.firebaseio.com; object-src 'self'" }, "web_accessible_resources": [ { "matches": [], "resources": [ "content.styles.css", "acid-128.png", "acid-32.png" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.