Bookmarks Backuper
Version 0.2.0.15 View in Chrome Web Store
Last scanned: 1 day ago
| force re-scan
Extension Details
Developer:
bookmarksbackuper.com
Rating:
3.9 ★
(45 ratings)
Users:
1,000
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
HIGH
Overall Risk
Trust Factors: The extension has a modest user base of 1,000 users with a decent 3.9-star rating from 45 reviews, suggesting some level of user satisfaction. The developer uses a domain-specific website (bookmarksbackuper.com) which indicates some investment in the project. However, the relatively small user base and lack of detailed developer information limit trust assessment.
Concerns: The extension requests highly sensitive permissions that align with its stated purpose but pose significant privacy risks. The identity permission allows access to your Google account information, which could be exploited for unauthorized access to other Google services. The bookmarks permission grants full read/write access to all your bookmarks, including potentially sensitive URLs and personal browsing patterns. The combination of identity and bookmarks permissions creates a particularly concerning scenario where your bookmark data could be linked to your personal identity and potentially transmitted to external servers.
The CSP shows connections to various Google services including Google Sheets and Docs, suggesting data may be exported to these platforms, which increases exposure risk.
Recommendations: Consider running this extension in a separate Chrome profile to isolate it from your main browsing data. Before installation, verify the developer's privacy policy and data handling practices. Regularly audit what bookmark data might be accessible and consider using it only with non-sensitive bookmarks. Monitor your Google account activity for any unusual access patterns after installation.
Findings
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
High-Risk Permission: bookmarks
This extension has the bookmarks permission. Can access and modify bookmarks. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: identity
This extension has the identity permission. Can access your identity information. This could potentially be used maliciously to compromise security or privacy.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
Security Analysis Details
Required Permissions:
- identity
- bookmarks
- storage
Content Security Policy:
- extension_pages: require-trusted-types-for 'script'; trusted-types 'none'; child-src 'none'; connect-src https://accounts.google.com https://chromewebstore.google.com https://clouderrorreporting.googleapis.com https://docs.google.com https://sheets.googleapis.com https://www.googleapis.com; default-src 'none'; font-src 'none'; frame-src 'none'; img-src 'none'; manifest-src 'none'; media-src 'none'; object-src 'none'; script-src 'none'; script-src-elem 'nonce-bb_nonce'; script-src-attr 'none'; style-src 'none'; style-src-elem 'nonce-bb_nonce'; style-src-attr 'none'; worker-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors 'none'
Embedded URLs (29 total):
| https://developer.chrome.com/docs/extensions/reference/api/bookmarks#property-BookmarkTreeNode-parentId | https://developer.chrome.com/docs/extensions/reference/api/bookmarks#property-BookmarkTreeNode-url | |
| https://clouderrorreporting.googleapis.com/v1beta1/projects/%s/events:report | https://chromewebstore.google.com/detail/bookmarks-backuper/jdcbhaadjnkcdklbjkmgbpjaoonekpjd/reviews | |
| https://docs.google.com/spreadsheets/d/%s/edit | https://sheets.googleapis.com/v4/spreadsheets/%s/values/A2:D:clear | |
| https://sheets.googleapis.com/v4/spreadsheets/%s/values/A2:D | https://www.googleapis.com/drive/v3/files | |
| https://sheets.googleapis.com/v4/spreadsheets | https://www.googleapis.com/drive/v3/files/%s | |
| https://accounts.google.com/o/oauth2/revoke?token=%s | https://developer.mozilla.org/en-US/docs/Learn/JavaScript/Objects/Object_prototypes#using_a_constructor | |
| https://tc39.es/ecma262/#sec-time-values-and-time-range | https://2ality.com/2014/05/is-integer.html | |
| https://tc39.es/ecma262/#integral-number | https://cloud.google.com/error-reporting/reference/rest/v1beta1/projects.events/report#response-body | |
| https://clients2.google.com/service/update2/crx | https://accounts.google.com | |
| https://chromewebstore.google.com | https://clouderrorreporting.googleapis.com | |
| https://docs.google.com | https://sheets.googleapis.com | |
| https://www.googleapis.com | https://www.googleapis.com/auth/drive.file | |
| https://cloud.google.com/storage/docs/exponential-backoff | https://developers.google.com/workspace/drive/api/guides/performance#partial-response | |
| https://developers.google.com/workspace/drive/api/guides/fields-parameter | https://cloud.google.com/apis/docs/system-parameters#definitions | |
| https://community.zapier.com/how-do-i-3/google-sheets-creates-new-row-copies-formatting-from-previous-row-when-adding-manychat-options-2094 |
Raw Manifest
{ "name": "Bookmarks Backuper", "icons": { "16": "img/icon128.png", "48": "img/icon128.png", "128": "img/icon128.png" }, "action": { "default_popup": "popup.html", "default_title": "Show Bookmarks Backup" }, "oauth2": { "scopes": [ "https://www.googleapis.com/auth/drive.file" ], "client_id": "788587416670-d3i89ech7a4pv33qas2stflslookq0el.apps.googleusercontent.com" }, "version": "0.2.0.15", "background": { "service_worker": "service_worker.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Never lose your Chrome bookmarks again!", "permissions": [ "identity", "bookmarks", "storage" ], "manifest_version": 3, "content_security_policy": { "extension_pages": "require-trusted-types-for 'script'; trusted-types 'none'; child-src 'none'; connect-src https://accounts.google.com https://chromewebstore.google.com https://clouderrorreporting.googleapis.com https://docs.google.com https://sheets.googleapis.com https://www.googleapis.com; default-src 'none'; font-src 'none'; frame-src 'none'; img-src 'none'; manifest-src 'none'; media-src 'none'; object-src 'none'; script-src 'none'; script-src-elem 'nonce-bb_nonce'; script-src-attr 'none'; style-src 'none'; style-src-elem 'nonce-bb_nonce'; style-src-attr 'none'; worker-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors 'none'" } }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
Loading Secure Annex data...
Unable to load Secure Annex data.
This extension may not yet be analyzed by Secure Annex.
Detections
0Critical
0
High
0
Medium
0
Low
0
Has Verdicts
Yes
Manifest Findings
0Critical
0
High
0
Medium
0
Low
0
Secure Annex analyzed version: -