Getro: Contact Sync & Network Management
Version 3.3.0 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has a perfect 5.0 rating but with only 11 reviews, which is insufficient to establish reliability. With just 1,000 users, it lacks the widespread adoption that typically indicates trustworthiness. The developer is associated with getro.com, which appears to be a legitimate networking platform, providing some credibility. However, the small user base and limited review history make it difficult to fully assess the developer's reputation.
The extension requests excessive permissions that far exceed what's necessary for contact sync and network management. The management permission is particularly concerning as it allows control over other extensions, which is completely unrelated to the stated functionality. The webNavigation permission enables comprehensive browsing tracking beyond LinkedIn. The cookies permission combined with broad host permissions creates significant privacy risks. The extension's access to LinkedIn data, while expected, combined with these other permissions creates a dangerous combination for data harvesting.
Given the critical risk level, avoid installing this extension on your primary browser profile. If you must use it, create a dedicated Chrome profile with minimal sensitive data and no other extensions installed. Consider alternative contact management solutions with more limited permissions. Monitor your LinkedIn account closely for any unusual activity if you proceed with installation. The risk-to-benefit ratio appears unfavorable given the extensive permissions requested for basic contact sync functionality.
Findings
Security Analysis Details
Required Permissions:
- scripting
- storage
- webNavigation
- management
- cookies
- alarms
Host Permissions:
- https://www.linkedin.com/*
- *://getro.com/*
- *://*.getro.dev/*
Embedded URLs (53 total):
| http://www.w3.org/1999/xlink | https://reactjs.org/docs/error-decoder.html?invariant= | |
| http://www.w3.org/XML/1998/namespace | http://www.w3.org/2000/svg | |
| http://www.w3.org/1998/Math/MathML | http://www.w3.org/1999/xhtml | |
| http://momentjs.com/guides/#/warnings/define-locale/ | http://momentjs.com/guides/#/warnings/js-date/ | |
| http://momentjs.com/guides/#/warnings/min-max/ | http://momentjs.com/guides/#/warnings/add-inverted-param/ | |
| http://momentjs.com/guides/#/warnings/zone/ | http://momentjs.com/guides/#/warnings/dst-shifted/ | |
| https://bit.ly/3cXEKWf | https://redux.js.org/Errors?code= | |
| https://github.com/reduxjs/redux-toolkit/pull/2481 | https://redux-toolkit.js.org/rtk-query/usage/server-side-rendering | |
| https://cdn.segment.com | https://cdn.segment. | |
| https://git.io/JUIaE# | https://github.com/faisalman/ua-parser-js | |
| http://fb.me/use-check-prop-types | http://www.apache.org/licenses/LICENSE-2.0 | |
| https://formik.org/docs/api/formik# | https://github.com/focus-trap/tabbable/blob/master/LICENSE | |
| https://github.com/focus-trap/focus-trap/blob/master/LICENSE | https://virtuoso.dev/prepend-items. | |
| https://process.filestackapi.com | https://www.filestackapi.com/api/file | |
| https://upload.filestackapi.com | https://cloud.filestackapi.com | |
| https://cdn.filestackcontent.com | https://static.filestackapi.com/picker/ | |
| http://json-schema.org/draft-07/schema# | https://twitter.com/ | |
| https://github.com/ | https://c0b5bf559f64893e1ccb1e6471b7217d@o129958.ingest.sentry.io/4505630874468352 | |
| https://www.linkedin.com | https://marked.js.org/#/USING_ADVANCED.md#options | |
| https://github.com/markedjs/marked. | https://prosemirror.net/docs/guide/#generatable | |
| https://api.vimeo.com/videos/ | https://www.googleapis.com/youtube/v3/videos?id= | |
| https://www.linkedin.com/mynetwork/invite-connect/connections/ | https://sandbox7.getro.dev | |
| https://www.getro.com | https://api.sandbox7.getro.dev/api | |
| https://api.getro.com/api | https://www.linkedin.com/voyager/api/relationships/dash/connections | |
| https://www.linkedin.com/in/ | http://www.example.com | |
| https://clients2.google.com/service/update2/crx | https://www.linkedin.com/ | |
| https://www.robotstxt.org/robotstxt.html |
Raw Manifest
{ "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgLl5JESfjG3HRgOOIpdAL3VjXU+FtPgojQk3/uHO5e5oxT2EXyfOODLOrtC+ArToOrCyoXdKlWEdivC4MGGSE8RPuqt7pq4SVCMvOaeTHXwijQ5666K6hyygyR0PFLGr4/Uc1MT8qwyMuM3KGtvwy7P1BhbtooTPt2Fb9glWuWeWYbNDpmsuVc/9lRsvodTjJiOyQYoiBHypC369GFHkbGqgcmK4ePld9bOAXiIom9ypDp0KL+oNyll4Zvci8ZGcD1WwaIm/BV2MF4jneahvHah62e8PpftyFp5IbOb/dsUwFFJDr/+/BDA/yyyDhT4/E1F4fdvTF+9n0/Q5fzpnhwIDAQAB", "name": "Getro: Contact Sync & Network Management", "icons": { "16": "icons/icon16.png", "48": "icons/icon48.png", "128": "icons/icon128.png" }, "action": { "default_popup": "index.html" }, "version": "3.3.0", "background": { "type": "module", "service_worker": "service-worker-loader.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Sync contacts from your LinkedIn, your CRM, from your team, and allies into 1 unified database.", "permissions": [ "scripting", "storage", "webNavigation", "management", "cookies", "alarms" ], "content_scripts": [ { "js": [ "assets/index.jsx-loader.js" ], "css": [ "assets/index.css" ], "matches": [ "https://*.linkedin.com/*" ] }, { "js": [ "assets/getUserInformation.js-loader.js" ], "run_at": "document_start", "matches": [ "https://*.linkedin.com/*" ] } ], "host_permissions": [ "https://www.linkedin.com/*", "*://getro.com/*", "*://*.getro.dev/*" ], "manifest_version": 3, "externally_connectable": { "matches": [ "http://localhost/*", "https://*.getro.com/*", "https://*.getro.dev/*" ] }, "web_accessible_resources": [ { "matches": [ "http://localhost/*", "https://*.linkedin.com/*" ], "resources": [ "assets/index.css" ], "use_dynamic_url": false }, { "matches": [ "https://*.linkedin.com/*" ], "resources": [ "assets/index-9bcdcf6a.js", "assets/users-7b11999a.js", "assets/errors-058e9615.js", "assets/web-vitals-d4fac006.js", "assets/auto-track-95685b4c.js", "assets/index-340289f7.js", "assets/index-39ecbc01.js", "assets/index-062c1f9d.js", "assets/index-7d3b3b9c.js", "assets/index-f32b2beb.js", "assets/index-061820a8.js", "assets/is-plan-event-enabled-a83d33b8.js", "assets/index.umd-324322e7.js", "assets/index.jsx-443242f3.js", "assets/getUserInformation.js-25d6d024.js" ], "use_dynamic_url": false } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.