JP English Dictionary: English to 200 Languages
Version 1.1.2 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has a perfect 5.0 rating with 1,200 reviews and 4,000 users, which suggests positive user experiences. However, the developer information is minimal, with only a website domain provided (jpdictionary.com) and no established company reputation or transparency about the development team.
The extension's permissions are extremely excessive for a dictionary tool. The combination of broad host permissions, content script injection across all websites, and unsafe WebAssembly execution creates a dangerous attack surface. A dictionary extension should not need to track web navigation, access all tabs, or inject scripts into every website you visit. The 'wasm-unsafe-eval' policy is particularly concerning as it allows execution of potentially obfuscated malicious code. These permissions would allow the extension to monitor your entire browsing activity, steal credentials from any website, and potentially perform cryptocurrency mining or other resource-intensive operations without your knowledge.
Do not install this extension due to its critical risk level. If you absolutely need this specific dictionary functionality, create a separate Chrome profile with no sensitive accounts or data, and only use it for translation purposes. Consider alternative dictionary extensions with more reasonable permissions, or use web-based translation services instead. The excessive permissions far exceed what's necessary for language translation functionality.
Findings
Security Analysis Details
Required Permissions:
- storage
- tts
- tabs
- scripting
- contextMenus
- webNavigation
Host Permissions:
- <all_urls>
Content Security Policy:
- extension_pages: script-src 'self' 'wasm-unsafe-eval' ; object-src 'none'
Embedded URLs (126 total):
| http://www.apache.org/licenses/ | https://getbootstrap.com/ | |
| https://github.com/twbs/bootstrap/blob/master/LICENSE | http://www.w3.org/2000/svg | |
| http://www.apache.org/licenses/LICENSE-2.0 | https://bugzilla.mozilla.org/show_bug.cgi?id=706209 | |
| https://github.com/adobe-type-tools/cmap-resources | https://popper.js.org/ | |
| https://github.com/crypto-browserify/crypto-browserify | https://papago.naver.com/apis/langs/dect | |
| https://papago.naver.com/apis/n2mt/translate | https://github.com/uuidjs/uuid#getrandomvalues-not-supported | |
| https://registry.npmjs.org/axios/-/axios-0.21.4.tgz | https://github.com/axios/axios/issues | |
| https://axios-http.com | https://github.com/axios/axios.git | |
| https://www.bing.com/translator | https://www.bing.com/ttranslatev3?isVertical=1&& | |
| https://translate.googleapis.com/translate_a/t? | https://english.jpdictionary.com/en/setting | |
| https://jpdictionary.com | https://english.jpdictionary.com/?word= | |
| https://english.jpdictionary.com/ | http://www.w3.org/XML/1998/namespace | |
| http://www.w3.org/1999/xlink | http://www.xfa.org/schema/xci/ | |
| http://www.xfa.org/schema/xfa-connection-set/ | http://www.xfa.org/schema/xfa-data/ | |
| http://www.xfa.org/schema/xfa-form/ | http://www.xfa.org/schema/xfa-locale-set/ | |
| http://ns.adobe.com/xdp/pdf/ | http://www.w3.org/2000/09/xmldsig# | |
| http://www.xfa.org/schema/xfa-source-set/ | http://www.w3.org/1999/XSL/Transform | |
| http://www.xfa.org/schema/xfa-template/ | http://www.xfa.org/schema/xdc/ | |
| http://ns.adobe.com/xdp/ | http://ns.adobe.com/xfdf/ | |
| http://www.w3.org/1999/xhtml | http://ns.adobe.com/xmpmeta/ | |
| http://www.w3.org/1998/Math/MathML | https://vuetifyjs.com/getting-started/quick-start#bootstrapping-the-vuetify-object | |
| https://github.com/vuetifyjs/vuetify/issues/4068 | https://github.com/vuetifyjs/vuetify/releases/tag/v2.0.0#user-content-upgrade-guide | |
| https://chromewebstore.google.com/detail/ijdelikbohnbiacoipaclicioknnihni | https://github.com/zloirock/core-js/blob/v3.25.4/LICENSE | |
| https://github.com/zloirock/core-js | https://envi.jpdictionary.com/popup/comments.png | |
| https://en.jpdictionary.com/api/ | https://translate.googleapis.com/translate_a/single?client=gtx&sl= | |
| https://bit.ly/2ZqJzkp | https://ezse.net/other/grade/gpa.html?data= | |
| https://ezse.net/other/grade/percentagegrade.html?data= | http://mozilla.github.io | |
| https://mozilla.github.io | http://example.com | |
| https://clients2.google.com/service/update2/crx | http://docs.nwjs.io/en/latest/For%20Users/Advanced/JavaScript%20Contexts%20in%20NW.js/#access-nodejs-and-nwjs-api-in-browser-context | |
| https://www.electronjs.org/docs/api/process#processversionselectron-readonly | https://www.electronjs.org/docs/api/process#processtype-readonly | |
| https://github.com/webpack/webpack/issues/8826 | https://bugzilla.mozilla.org/show_bug.cgi?id=683280 | |
| https://bugs.chromium.org/p/chromium/issues/detail?id=1170396 | http://www.wolframalpha.com/input/? | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=726227 | https://bugzilla.mozilla.org/show_bug.cgi?id=664884 | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=972126 | http://www.libpng.org/pub/png/spec/1.2/PNG-Compression.html | |
| https://nodejs.org/api/http.html#http_message_headers. | https://github.com/Rob--W/open-in-browser/blob/7e2e35a38b8b4e981b11da7b2f01df0149049e92/extension/content-disposition.js | |
| https://github.com/Rob--W/open-in-browser/issues/26 | https://bugzil.la/875615 | |
| https://searchfox.org/mozilla-central/rev/4a590a5a15e35d88a3b23dd6ac3c471cf85b04a8/netwerk/mime/nsMIMEHeaderParamImpl.cpp#742-748 | http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35.2: | |
| https://chromium.googlesource.com/chromium/src/+/2e231cf052ca5e68e22baf0008ac9e5e29121707 | https://chromium.googlesource.com/chromium/src.git/+/58ab4a971b06dec13e4edf9de8382ca6847f6190 | |
| https://github.com/mozilla/pdf.js.quickjs/blob/main/src/myjs.js | http://www.jpeg.org/public/fcd15444-1.pdf | |
| https://github.com/notmasteryet/jpgjs. | http://www.poynton.com/notes/colour_and_gamma/ColorFAQ.html |
Raw Manifest
{ "name": "__MSG_appName__", "icons": { "16": "icons/icon_16.png", "32": "icons/icon_32.png", "48": "icons/icon_48.png", "128": "icons/icon_128.png" }, "action": { "default_popup": "popup.html", "default_title": "Japanese Dictionary JP" }, "omnibox": { "keyword": "jp" }, "sandbox": { "pages": [ "opencvHandler.html" ] }, "version": "1.1.2", "background": { "service_worker": "background.js" }, "options_ui": { "page": "popup.html" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_appDesc__", "permissions": [ "storage", "tts", "tabs", "scripting", "contextMenus", "webNavigation" ], "default_locale": "en", "content_scripts": [ { "js": [ "contentScript.js" ], "css": [ "bootstrapcustom.min.css" ], "run_at": "document_idle", "matches": [ "<all_urls>" ], "all_frames": true } ], "host_permissions": [ "<all_urls>" ], "manifest_version": 3, "content_security_policy": { "extension_pages": "script-src 'self' 'wasm-unsafe-eval' ; object-src 'none'" }, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "pdfjs/web/viewer.html", "opencvHandler.html" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.