[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Auto Meeting Log for Google Meet

Version 1.2.1 View in Chrome Web Store

Last scanned: about 5 hours ago

Extension Details

Rating: 4.6 ★ (21 ratings)

Users: 762

Context-Aware Verdict

MEDIUM

Overall Risk

Trust Factors: The extension has a decent rating of 4.6 stars from 21 reviews, indicating generally positive user experiences. However, the low user count of 762 and lack of visible developer information raises some transparency concerns. The specific focus on Google Meet functionality aligns with its stated purpose.

Concerns:

- The "Broad Host Permissions" finding is misleading in this case - the extension only requests access to meet.google.com, which is appropriate for its Google Meet logging functionality

- Storage permission allows local data retention, which could include meeting information and potentially sensitive conversation details

- Limited developer transparency with no visible company information or support details

- Relatively small user base makes it harder to assess long-term reliability and security track record

- Content script injection into Google Meet could theoretically access all meeting content, participant information, and chat messages

Recommendations:

Consider running this extension in a separate Chrome profile if you frequently handle confidential meetings. Review what specific meeting data the extension collects and stores locally. Monitor the extension's behavior during meetings to ensure it only logs intended information. Given the legitimate need for meet.google.com access for its core functionality, the host permissions are actually appropriate rather than overly broad. Consider alternatives with larger user bases or more established developers if handling highly sensitive meetings.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

MEDIUM

Access to Sensitive Domains

This extension requests access to sensitive domains: https://meet.google.com/*. Ensure you trust this extension with access to these sites.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Raw Manifest

{
  "name": "Auto Meeting Log for Google Meet",
  "icons": {
    "128": "images/128-AutoMeetingLog.png"
  },
  "action": {
    "default_icon": {
      "128": "images/128-AutoMeetingLog.png"
    },
    "default_popup": "options.html"
  },
  "version": "1.2.1",
  "background": {
    "type": "module",
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Automatically turns on Google Meet captions and saves them.",
  "permissions": [
    "storage"
  ],
  "content_scripts": [
    {
      "js": [
        "content.js"
      ],
      "matches": [
        "https://meet.google.com/*"
      ]
    }
  ],
  "host_permissions": [
    "https://meet.google.com/*"
  ],
  "manifest_version": 3,
  "web_accessible_resources": [
    {
      "matches": [
        "<all_urls>"
      ],
      "resources": [
        "meetings.html"
      ]
    }
  ]
}

by ✦ Astarte

https://meet.google.com/	https://clients2.google.com/service/update2/crx
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css	https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css
https://cdn.jsdelivr.net/npm/bootstrap-icons@1.7.2/font/bootstrap-icons.css	https://getbootstrap.com/
https://github.com/twbs/bootstrap/blob/main/LICENSE	http://www.w3.org/2000/svg
https://github.com/twbs/bootstrap/graphs/contributors	https://popper.js.org

Auto Meeting Log for Google Meet

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (10 total):

Raw Manifest

Detections

Manifest Findings