Extension Details
Context-Aware Verdict
The extension has a solid user base of 30,000 users and maintains a good rating of 4.3/5 from 1,000 reviews, suggesting legitimate functionality and user satisfaction. However, the lack of visible developer information and company details reduces transparency and accountability.
The extension's permission set is concerning given the missing description. The combination of tabs permission, scripting capabilities, and broad host permissions (<all_urls>) creates a powerful access profile that could be misused. Without knowing the extension's intended purpose, it's difficult to justify why it needs access to all websites and tab manipulation capabilities. The offscreen permission adds another layer of potential background activity that users cannot directly observe.
The most significant red flag is the broad host permissions combined with scripting access, which theoretically allows the extension to inject code into any website you visit. This creates substantial potential for data harvesting, credential theft, or malicious script injection.
Consider running this extension in a separate Chrome profile to isolate potential risks from your main browsing activities. Before installation, research the extension's actual functionality to determine if the extensive permissions are justified. Monitor your browsing behavior for any unusual activity if you choose to keep it installed. Consider seeking alternative extensions with more limited permissions if similar functionality is available elsewhere.
Findings
Security Analysis Details
Required Permissions:
- tabs
- offscreen
- storage
- scripting
Host Permissions:
- <all_urls>
Embedded URLs (4 total):
| http://www.php.net/manual/en/function.imagecreatefromgif.php#104473 | https://clients2.google.com/service/update2/crx | |
| https://codeberg.org/abstiles/deluminate/issues | http://www.w3.org/2000/svg |
Raw Manifest
{ "name": "Deluminate", "icons": { "128": "deluminate-128.png" }, "action": { "default_icon": { "128": "deluminate-128.png" }, "default_popup": "popup.html", "default_title": "Deluminate (Shift+F11)" }, "version": "1.1.0", "commands": { "command_toggle_site": { "description": "Toggle inversion on a site" }, "command_toggle_global": { "description": "Toggle Deluminate on/off" } }, "background": { "type": "module", "scripts": [ "background.js" ], "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Invert the luminance of a website to make it easier on the eyes.", "permissions": [ "tabs", "offscreen", "storage", "scripting" ], "options_page": "options.html", "host_permissions": [ "<all_urls>" ], "manifest_version": 3, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "deluminate.css" ] } ], "browser_specific_settings": { "gecko": { "id": "deluminate@deluminate.com", "strict_min_version": "142.0", "data_collection_permissions": { "required": [ "none" ] } } } }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.