Extension Details
Developer:
https://zoho.com/
Rating:
4.2 ★
(45 ratings)
Users:
90,000
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
HIGH
Overall Risk
Trust Factors: This extension is developed by Zoho, a well-established enterprise software company with a strong reputation in the business productivity space. With 90,000 users and a 4.2-star rating, it shows reasonable adoption and user satisfaction. The extension appears to be a legitimate tool for Zoho Writer, their word processing application, which would naturally require content clipping and document management capabilities.
Concerns: The extension requests several high-risk permissions that raise privacy concerns. The clipboardRead permission allows access to potentially sensitive copied content including passwords, personal information, or confidential data. The cookies permission combined with tabs access could enable tracking across websites and session manipulation. The downloads permission provides file system access that could be misused. The broad content script injection across all HTTPS sites (https://*/*) creates extensive web access capabilities that exceed what's typically necessary for a document clipper.
Recommendations: Given the high-risk permissions but legitimate business use case, consider running this extension in a separate Chrome profile dedicated to Zoho services if you regularly use their platform. Regularly review what content you copy to clipboard when the extension is active. Monitor your downloads folder for unexpected files. If you only occasionally use Zoho Writer, consider disabling the extension when not needed and enabling it only during active writing sessions to minimize exposure time.
Findings
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
High-Risk Permission: clipboardRead
This extension has the clipboardRead permission. Can read clipboard content. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: cookies
This extension has the cookies permission. Can access and modify browser cookies. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: downloads
This extension has the downloads permission. Can download files and access download history. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: tabs
This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.
MEDIUM
Medium-Risk Permission: contextMenus
This extension has the contextMenus permission. Can add items to the context menu.
MEDIUM
Medium-Risk Permission: notifications
This extension has the notifications permission. Can show notifications.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
Security Analysis Details
Required Permissions:
- storage
- cookies
- tabs
- contextMenus
- notifications
- downloads
- downloads.open
- clipboardRead
- background
Host Permissions:
- https://accounts.zoho.com/
- https://accounts.zoho.eu/
- https://accounts.zoho.in/
- https://accounts.zoho.com.au/
- https://accounts.zoho.com.cn/
- https://writer.zoho.in/
- https://writer.zoho.com/
- https://writer.zoho.eu/
- https://writer.zoho.com.au/
- https://writer.zoho.com.cn/
- https://writer.localzoho.com/
- https://accounts.localzoho.com/
Embedded URLs (27 total):
| https://www.zoho.com/writer/ | https://accounts.zoho | |
| https://writer.zoho | https://docs.zoho | |
| https://www.zoho | https://profile.zoho | |
| http://www.w3.org/2000/svg | http://www.w3.org/1999/xlink | |
| https://gist.github.com/harpreetsi/3369391.js | https://www.zoho.com/writer/logout.html | |
| https://docs.zoho/writer/open/ | https://www.zoho.com/writer/images/zoho-writer-logo.png | |
| https://accounts.zoho.com/ | https://accounts.zoho.eu/ | |
| https://accounts.zoho.in/ | https://accounts.zoho.com.au/ | |
| https://accounts.zoho.com.cn/ | https://writer.zoho.in/ | |
| https://writer.zoho.com/ | https://writer.zoho.eu/ | |
| https://writer.zoho.com.au/ | https://writer.zoho.com.cn/ | |
| https://writer.localzoho.com/ | https://accounts.localzoho.com/ | |
| http://clients2.google.com/service/update2/crx | https://static.zohocdn.com/webfonts/lato2regular/font.woff2 | |
| https://static.zohocdn.com/webfonts/lato2bold/font.woff2 |
Raw Manifest
{ "name": "Writer - Extension & Clipper", "icons": { "128": "images/writer-logo.png" }, "action": { "default_icon": "images/writer-logo.png", "default_popup": "html/zwplugin.html", "default_title": "Writer" }, "version": "2.1", "incognito": "split", "update_url": "http://clients2.google.com/service/update2/crx", "description": "Create, access and edit Writer documents from any tab, and clip references to a document.", "permissions": [ "storage", "cookies", "tabs", "contextMenus", "notifications", "downloads", "downloads.open", "clipboardRead", "background" ], "content_scripts": [ { "js": [ "js/storage.js", "js/jquery-2.0.2.min.js", "js/zwpaste.js", "js/constants.js", "js/utils.js", "js/upload.js", "js/tabutils.js", "js/contextmenu.js", "js/clipper.js", "js/download.js" ], "matches": [ "https://*/*" ] } ], "host_permissions": [ "https://accounts.zoho.com/", "https://accounts.zoho.eu/", "https://accounts.zoho.in/", "https://accounts.zoho.com.au/", "https://accounts.zoho.com.cn/", "https://writer.zoho.in/", "https://writer.zoho.com/", "https://writer.zoho.eu/", "https://writer.zoho.com.au/", "https://writer.zoho.com.cn/", "https://writer.localzoho.com/", "https://accounts.localzoho.com/" ], "manifest_version": 3, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "js/executescript.js" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
Loading Secure Annex data...
Unable to load Secure Annex data.
This extension may not yet be analyzed by Secure Annex.
Detections
0Critical
0
High
0
Medium
0
Low
0
Has Verdicts
Yes
Manifest Findings
0Critical
0
High
0
Medium
0
Low
0
Secure Annex analyzed version: -