asbplayer: Language-learning with subtitles
Version 1.9.1 View in Chrome Web Store
Last scanned: about 2 months ago
| force re-scan
Extension Details
Rating:
4.8 ★
(61 ratings)
Size:
8.71MiB
Last Updated:
February 11, 2025
Users:
20,000
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
HIGH
Risk Level
Trust Factors:
- The extension has a relatively high number of users (20,000) and a good rating (4.8/5), which suggests some level of trust from the user community.
- However, the lack of developer information and a detailed description raises some concerns about transparency and accountability.
Concerns:
- The extension requests several permissions that seem unnecessary or overly broad for a language-learning tool, such as the ability to access and manipulate browser tabs, inject scripts into any website, and add context menu items.
- The broad content script injection permission is particularly concerning, as it could potentially be exploited to read sensitive data, modify website content, or steal credentials.
- The lack of transparency regarding the extension's background scripts and web accessible resources makes it difficult to fully assess the potential risks.
Recommendations:
- Exercise caution when installing and using this extension, as the broad permissions and lack of transparency raise significant security and privacy concerns.
- Consider running the extension in a separate browser profile or a sandboxed environment to isolate it from your main browsing activities and sensitive data.
- Monitor the extension's behavior and network traffic for any suspicious activities, and promptly remove it if you notice any concerning behavior.
- Seek alternative language-learning tools from reputable developers that request only the necessary permissions and provide clear information about their functionality and data practices.
Security Analysis
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
Overall Risk
Based on 5 total findings, ranked without considering overall context, including 2 high-risk and 3 medium-risk findings.
HIGH
Broad Content Script Injection
This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.
HIGH
High-Risk Permission: tabs
This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.
MEDIUM
Medium-Risk Permission: activeTab
This extension has the activeTab permission. Can access the active tab when clicking the extension icon.
MEDIUM
Medium-Risk Permission: contextMenus
This extension has the contextMenus permission. Can add items to the context menu.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
Security Analysis Details
Required Permissions:
- tabs
- tabCapture
- activeTab
- storage
- contextMenus
- sidePanel
- offscreen
Embedded URLs (307 total):
| https://developer.mozilla.org/en-US/docs/Web/SVG/Attribute/shape-rendering | https://www.w3.org/TR/SVG-access/#Equivalent | |
| https://www.w3.org/TR/WCAG20-TECHS/G17.html#G17-tests | https://github.com/twbs/bootstrap/blob/1d6e3710dd447de1a200f29e8fa521f8a0908f70/scss/_functions.scss#L59 | |
| https://github.com/material-components/material-components-web/blob/ac46b8863c4dab9fc22c4c662dc6bd1b65dd652f/packages/mdc-theme/_functions.scss#L54 | https://www.w3.org/TR/2008/REC-WCAG20-20081211/#visual-audio-contrast-contrast | |
| https://material.io/design/layout/understanding-layout.html#usage | https://github.com/mui-org/material-ui/tree/master/packages/material-ui-codemod/README.md#theme-spacing-api | |
| https://material-ui.com/r/pseudo-classes-guide | https://material-ui.com/r/migration-v4/#theme | |
| https://material.io/design/typography/the-type-system.html | https://material.io/design/typography/understanding-typography.html | |
| https://meyerweb.com/eric/thoughts/2006/02/08/unitless-line-heights/ | https://github.com/material-components/material-components-web/blob/be8747f94574669cb5e7add1a7c54fa41a89cec7/packages/mdc-elevation/_variables.scss | |
| https://material.google.com/motion/duration-easing.html#duration-easing-natural-easing-curves | https://material.io/guidelines/motion/duration-easing.html#duration-easing-common-durations | |
| https://www.wolframalpha.com/input/?i= | https://fb.me/react-controlled-components | |
| https://github.com/facebook/react/issues/14099#issuecomment-440013892 | https://github.com/WICG/focus-visible/blob/v4.1.5/src/focus-visible.js | |
| https://github.com/cssinjs/jss/blob/4e6a05dd3f7b6572fdd3ab216861d9e446c20331/src/utils/createGenerateClassName.js | https://github.com/facebook/react/blob/15a8f031838a553e41c0b66eb1bcf1da8448104d/packages/react/src/ReactElement.js#L221 | |
| https://github.com/thinkloop/multi-key-cache | https://babeljs.io/docs/en/babel-plugin-transform-template-literals#loose | |
| https://material-ui.com/production-error/?code= | https://material-ui.com/r/caveat-with-refs-guide | |
| https://github.com/airbnb/prop-types-exact | https://github.com/JamesMGreene/Function.name/blob/58b314d4a983110c3682f1228f845d39ccca1817/Function.name.js#L3 | |
| https://github.com/facebook/react/blob/769b1f270e1251d9dbdce0fcbd9e92e502d059b8/packages/shared/getComponentName.js | https://github.com/zloirock/core-js/issues/86#issuecomment-115759028 | |
| https://caniuse.com/#search=keyframes | https://caniuse.com/#search=appearance | |
| https://caniuse.com/#search=color-adjust | https://caniuse.com/#search=mask | |
| https://caniuse.com/#search=text-orientation | https://caniuse.com/#search=transform | |
| https://caniuse.com/#search=transition | https://caniuse.com/#search=writing-mode | |
| https://caniuse.com/#search=user-select | https://caniuse.com/#search=multicolumn | |
| https://github.com/postcss/autoprefixer/issues/491 | https://github.com/postcss/autoprefixer/issues/177 | |
| https://github.com/postcss/autoprefixer/issues/324. | https://caniuse.com/#search=scroll-snap | |
| https://caniuse.com/#search=overscroll-behavior | http://jsperf.com/element-style-object-access-vs-plain-object | |
| http://davidwalsh.name/vendor-prefix | https://github.com/tc39/proposal-shadowrealm/pull/384#issuecomment-1364264229 | |
| https://github.com/lodash/lodash/blob/4.17.15/dist/lodash.js#L6735-L6744 | https://github.com/ljharb/object.assign/issues/17 | |
| https://github.com/WebReflection/get-own-property-symbols/issues/4 | http://stackoverflow.com/a/1420225/5628 | |
| http://jsperf.com/array-join-vs-for | https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/globalThis#browser_compatibility | |
| https://developers.google.com/web/updates/2018/03/cssom | https://github.com/cssinjs/jss | |
| http://fb.me/use-check-prop-types | http://fb.me/prop-types-in-prod | |
| https://reactjs.org/docs/error-decoder.html?invariant= | http://www.w3.org/1999/xlink | |
| http://www.w3.org/XML/1998/namespace | http://www.w3.org/2000/svg | |
| http://www.w3.org/1998/Math/MathML | http://www.w3.org/1999/xhtml | |
| https://kb.acronis.com/content/39790 | http://en.wikipedia.org/wiki/C0_and_C1_control_codes | |
| http://unix.stackexchange.com/questions/32795/what-is-the-maximum-allowed-filename-and-folder-size-with-ecryptfs | https://mths.be/punycode | |
| https://mathiasbynens.be/notes/javascript-encoding | https://tools.ietf.org/html/rfc3492#section-3.4 | |
| https://code.google.com/p/chromium/issues/detail?id=25916 | http://foo.com | |
| http://www.example.com | https://stackoverflow.com/questions/63116039/camelcase-to-kebab-case | |
| https://stackoverflow.com/questions/5623838/rgb-to-hex-and-hex-to-rgb | http://127.0.0.1:8765 | |
| https://killergerbah.github.io/asbplayer | https://www.w3.org/TR/html4/struct/text.html#h-9.1 | |
| https://facebook.github.io/react/docs/forms.html#controlled-components | https://getbootstrap.com/docs/4.3/layout/grid/ |
Page 1 of 4
Raw Manifest
{ "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxmdAa3ymqAjLms43ympXqtyuJnC2bSYh70+5ZZmtyx/MsnGhTEdfbqtsp3BKxHbv0rPd49+Joacm1Shik5/mCppZ0h4I4ISMm983X01H6p/hfAzQYAcnvw/ZQNHAv1QgY9JiuyTBirCDoYB50Fxol/kI/0EviYXuX83KoYpjB0VGP/ssY9ocT//fQUbRmeLDJnciry8y6MduWXHzseOP99axQIjeVsNTE30L4fRN+ppX3aOkG/RFJNx0eI02qbLul3qw5dUuBK5GgMbYftwjHnDoOegnZYFr1sxRO1zsgmxdp/6du75RiDPRJOkPCz2GTrw4CX2FCywbDZlqaIpwqQIDAQAB", "name": "asbplayer: Language-learning with subtitles", "icons": { "16": "assets/icon16.png", "48": "assets/icon48.png", "128": "assets/icon128.png" }, "action": { "default_title": "asbplayer" }, "version": "1.9.1", "commands": { "copy-subtitle": { "description": "__MSG_shortcutMineSubtitleDescription__" }, "take-screenshot": { "description": "__MSG_shortcutTakeScreenshotDescription__", "suggested_key": { "mac": "MacCtrl+Shift+V", "default": "Ctrl+Shift+V" } }, "toggle-recording": { "description": "__MSG_shortcutToggleRecordingDescription__" }, "update-last-card": { "description": "__MSG_shortcutUpdateLastCardDescription__", "suggested_key": { "mac": "MacCtrl+Shift+U", "default": "Ctrl+Shift+U" } }, "toggle-video-select": { "description": "__MSG_shortcutSelectSubtitleTrackDescription__", "suggested_key": { "mac": "MacCtrl+Shift+F", "default": "Ctrl+Shift+F" } }, "copy-subtitle-with-dialog": { "description": "__MSG_shortcutMineSubtitleAndOpenDialogDescription__", "suggested_key": { "mac": "MacCtrl+Shift+X", "default": "Ctrl+Shift+X" } } }, "background": { "service_worker": "background.js" }, "options_ui": { "page": "settings-ui.html", "open_in_tab": true }, "side_panel": { "default_path": "side-panel.html" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_extensionDescription__", "permissions": [ "tabs", "tabCapture", "activeTab", "storage", "contextMenus", "sidePanel", "offscreen" ], "default_locale": "en", "content_scripts": [ { "js": [ "video.js" ], "css": [ "video.css" ], "run_at": "document_idle", "matches": [ "<all_urls>" ], "all_frames": true, "exclude_globs": [ "*://killergerbah.github.io/asbplayer*" ] }, { "js": [ "page.js" ], "run_at": "document_start", "matches": [ "<all_urls>" ], "all_frames": true, "exclude_globs": [ "*://killergerbah.github.io/asbplayer*" ] }, { "js": [ "asbplayer.js" ], "run_at": "document_start", "matches": [ "*://killergerbah.github.io/asbplayer*" ], "all_frames": true } ], "manifest_version": 3, "minimum_chrome_version": "116", "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "assets/image.png", "assets/fonts.css", "assets/Roboto-Bold.woff2", "assets/Roboto-Light.woff2", "assets/Roboto-Medium.woff2", "assets/Roboto-Regular.woff2", "assets/Roboto-BoldItalic.woff2", "assets/Roboto-LightItalic.woff2", "assets/Roboto-MediumItalic.woff2", "assets/Roboto-Italic.woff2", "pages/netflix-page.js", "pages/youtube-page.js", "pages/tver-page.js", "pages/bandai-channel-page.js", "pages/amazon-prime-page.js", "pages/hulu-page.js", "pages/disney-plus-page.js", "pages/apps-disney-plus-page.js", "pages/viki-page.js", "pages/unext-page.js", "pages/emby-jellyfin-page.js", "pages/osnplus-page.js", "pages/bilibili-page.js", "pages/nrk-tv-page.js", "pages/plex-page.js", "pages/areena-yle-page.js", "anki-ui.js", "mp3-encoder-worker.js", "pgs-parser-worker.js", "video-data-sync-ui.js", "video-select-ui.js", "mobile-video-overlay-ui.html", "mobile-video-overlay-ui.js", "notification-ui.js", "asbplayer-locales/de.json", "asbplayer-locales/en.json", "asbplayer-locales/es.json", "asbplayer-locales/ja.json", "asbplayer-locales/pl.json", "asbplayer-locales/zh_CN.json", "asbplayer-locales/pt_BR.json", "asbplayer-locales/ru.json" ] } ] }
Secure Annex (beta)
Coming soon...