[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

InspecteurA11y

Version 2.1 View in Chrome Web Store

Last scanned: about 2 hours ago

Extension Details

Rating: 5.0 ★ (3 ratings)

Users: 491

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has a perfect 5.0 rating but with only 3 reviews, making this rating statistically insignificant. With just 491 users and no clear developer information provided, the extension lacks established credibility. The name "InspecteurA11y" suggests it's an accessibility inspection tool, which would legitimately require broad web access to analyze websites for accessibility compliance.

Concerns:

The extension's permissions are extremely broad for its apparent purpose. While accessibility testing tools do need to access web content, the combination of universal host permissions and content script injection across all URLs creates significant security exposure. The ability to inject scripts into every website visited means it could potentially capture sensitive information like passwords, personal data, or financial details. The lack of transparency about the developer and minimal user base raises additional red flags about accountability and trustworthiness.

Recommendations:

Given the high risk level, consider running this extension in a separate Chrome profile dedicated to accessibility testing work. Only enable it when actively conducting accessibility audits, and disable it during regular browsing. Before installation, verify the developer's credentials and look for alternative accessibility tools from more established sources. If you must use this extension, avoid accessing sensitive websites (banking, email, social media) while it's active. Consider using browser developer tools' built-in accessibility features as a safer alternative for basic accessibility testing needs.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

Raw Manifest

{
  "name": "InspecteurA11y",
  "action": {
    "default_icon": "img/icon.png",
    "default_popup": "popup.html"
  },
  "version": "2.1",
  "background": {
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Outil permettant de rapidement trouver des composants sur une page",
  "permissions": [
    "activeTab",
    "scripting"
  ],
  "content_scripts": [
    {
      "js": [
        "scripts/jquery.min.js",
        "content.js"
      ],
      "matches": [
        "<all_urls>"
      ]
    }
  ],
  "host_permissions": [
    "http://*/*",
    "https://*/*"
  ],
  "manifest_version": 3
}

by ✦ Astarte

http://www.w3.org/2000/svg	http://www.w3.org/1999/xlink
http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd	https://clients2.google.com/service/update2/crx
https://www.ipedis.com/	https://www.w3.org/Consortium/Legal/2015/copyright-software-and-document
https://fonts.googleapis.com/css2?family=Nunito:wght@400

InspecteurA11y

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (7 total):

Raw Manifest

Detections

Manifest Findings