Tab Activate

Version 3.2.1 View in Chrome Web Store

Last scanned: 2 months ago | force re-scan

Extension Details

Rating: 4.0 ★ (273 ratings)

Users: 50,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has a moderate user base of 50,000 users and a decent 4.0-star rating from 273 reviews, which suggests some level of user satisfaction. However, the lack of developer information and company details raises transparency concerns. The generic name "Tab Activate" provides limited insight into the extension's specific functionality.

Concerns:

The extension exhibits two significant security risks that justify the high-risk classification. The tabs permission combined with content script injection across all URLs creates a powerful combination that could be exploited maliciously. The ability to access tab information while simultaneously injecting scripts into every website visited creates potential attack vectors for credential theft, session hijacking, or unauthorized data collection. The broad scope of content script injection is particularly concerning as it affects all websites without restriction.

Recommendations:

Consider running this extension in a separate Chrome profile to isolate potential security risks from your main browsing activities. Before installation, carefully evaluate whether the extension's functionality truly requires such extensive permissions. Monitor the extension's behavior closely and be cautious when visiting sensitive websites like banking or email services. Consider alternative extensions with more limited permissions if similar functionality is available. Regularly review and audit installed extensions, removing those that are no longer essential.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

Raw Manifest

{
  "name": "Tab Activate",
  "icons": {
    "48": "icon48.png",
    "128": "icon128.png"
  },
  "version": "3.2.1",
  "background": {
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "New tabs open immediately instead of in the background",
  "permissions": [
    "tabs"
  ],
  "content_scripts": [
    {
      "js": [
        "content.js"
      ],
      "run_at": "document_idle",
      "matches": [
        "<all_urls>"
      ]
    }
  ],
  "manifest_version": 3
}

by ✦ Astarte

Tab Activate

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Embedded URLs (1 total):

Raw Manifest

Detections

Manifest Findings