Tab Activate

Version 3.2.1 View in Chrome Web Store

Last scanned: 27 days ago | force re-scan

Extension Details

Rating: 4.1 ★ (271 ratings)

Users: 50,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has a moderate user base of 50,000 users and a decent rating of 4.1 stars from 271 reviews, suggesting some level of user satisfaction. However, the lack of clear author and developer information raises transparency concerns. The simple name "Tab Activate" suggests basic tab management functionality.

Concerns:

The extension exhibits concerning permission patterns that exceed what would be expected for basic tab activation. The combination of tabs permission with content script injection across all URLs creates significant privacy and security risks. The ability to inject scripts into every website visited means the extension could potentially capture sensitive information like passwords, banking details, or personal data from any site. The tabs permission allows monitoring of browsing behavior and tab manipulation beyond simple activation.

The broad content script access is particularly concerning as it's unnecessary for basic tab switching functionality, suggesting either poor security practices or potentially malicious intent.

Recommendations:

Given the high risk level, consider running this extension in a separate Chrome profile to isolate potential security threats. Before installation, verify if the tab activation functionality is truly needed, as Chrome's built-in tab management features may suffice. If you must use it, regularly monitor your browsing for unusual behavior and consider using it only on non-sensitive websites. Look for alternative extensions with more limited permissions that achieve the same functionality.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

Raw Manifest

{
  "name": "Tab Activate",
  "icons": {
    "48": "icon48.png",
    "128": "icon128.png"
  },
  "version": "3.2.1",
  "background": {
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "New tabs open immediately instead of in the background",
  "permissions": [
    "tabs"
  ],
  "content_scripts": [
    {
      "js": [
        "content.js"
      ],
      "run_at": "document_idle",
      "matches": [
        "<all_urls>"
      ]
    }
  ],
  "manifest_version": 3
}

by ✦ Astarte

Tab Activate

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Embedded URLs (1 total):

Raw Manifest

Detections

Manifest Findings