[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

A11Y - Color blindness empathy test

Version 1.0.1 View in Chrome Web Store

Last scanned: about 3 hours ago

Extension Details

Rating: 4.3 ★ (7 ratings)

Users: 1,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors: The extension has a reasonable purpose (color blindness empathy testing) and maintains a good rating of 4.3/5. However, the limited user base of only 1,000 downloads and 7 reviews suggests minimal community validation. The lack of visible developer information reduces transparency and accountability.

Concerns: The primary concern is the excessive permissions for what should be a simple accessibility tool. The <all_urls> permission grants access to every website you visit, which is unnecessary for a color blindness testing tool that should only need to modify visual elements on specific pages when activated. The combination of activeTab and <all_urls> creates redundant but overly broad access. The use of Manifest V2 indicates outdated security practices, as newer extensions should migrate to the more secure V3 standard.

Recommendations: Given the high-risk permissions that seem disproportionate to the extension's stated purpose, consider running this extension in a separate Chrome profile if you must use it. This isolates it from your main browsing data and other extensions. Alternatively, look for similar accessibility tools that use more restrictive permissions or are built with Manifest V3. Before installation, verify the developer's reputation and consider whether the functionality justifies the broad access permissions being requested.

Findings

HIGH

High-Risk Permission: <all_urls>

This extension has the <all_urls> permission. Can access all websites and their content. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Older Manifest Version

This extension uses Manifest Version 2, which has fewer security restrictions than Manifest V3. Consider using extensions that have upgraded to V3.

Raw Manifest

{
  "name": "A11Y - Color blindness empathy test",
  "icons": {
    "16": "icons/icon16.png",
    "32": "icons/icon32.png",
    "48": "icons/icon48.png",
    "128": "icons/icon128.png"
  },
  "author": "Vincent Humeau",
  "version": "1.0.1",
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Empathy test for color blindness and visual impairment",
  "permissions": [
    "activeTab",
    "<all_urls>",
    "file://*/*",
    "http://*/*",
    "https://*/*"
  ],
  "homepage_url": "https://github.com/vinceumo/A11Y-Color-Blindness-Empathy-Test",
  "browser_action": {
    "default_icon": {
      "16": "icons/icon16.png",
      "32": "icons/icon32.png",
      "48": "icons/icon48.png",
      "128": "icons/icon128.png"
    },
    "default_popup": "popup/choose_test.html",
    "default_title": "A11Y - Color blindness empathy test"
  },
  "manifest_version": 2
}

by ✦ Astarte

http://www.w3.org/2000/svg	https://clients2.google.com/service/update2/crx
https://github.com/vinceumo/A11Y-Color-Blindness-Empathy-Test	https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/runtime/onMessage
https://github.com/mozilla/webextension-polyfill	http://mozilla.org/MPL/2.0/.
https://fonts.googleapis.com/css?family=Asap:400	https://vinceumo.github.io/A11Y-Color-Blindness-Empathy-Test/

A11Y - Color blindness empathy test

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Embedded URLs (8 total):

Raw Manifest

Detections

Manifest Findings