GPTZero: AI Detection & Writing Replay
Version 2026.2.4 View in Chrome Web Store
Last scanned: about 2 hours ago
Extension Details
Developer:
15020131 Canada Inc.
Rating:
4.4 ★
(315 ratings)
Users:
400,000
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
CRITICAL
Overall Risk
Trust Factors:
GPTZero is a legitimate AI detection service with 400,000 users and a solid 4.4-star rating, indicating genuine utility for detecting AI-generated content. The company 15020131 Canada Inc. appears to be the official developer behind the GPTZero service. The extension's purpose aligns with current needs for AI content detection in educational and professional settings.
Concerns:
The extension exhibits several concerning security patterns despite its legitimate purpose. The broad content script injection across all websites creates significant attack surface, allowing the extension to read and modify any webpage you visit. The cookies permission combined with tabs access enables comprehensive tracking of your browsing behavior. The extensive host permissions, while including expected domains like Google Docs and ChatGPT, grant unnecessary access to localhost and broad web access. The storage permission allows persistent data collection on your device.
Recommendations:
Given the critical risk level, consider running this extension in a dedicated Chrome profile isolated from sensitive browsing activities. Only enable it when actively using AI detection features, then disable it afterward. Review the extension's privacy policy carefully to understand data collection practices. Consider using GPTZero's web interface directly instead of the extension when possible. If you must use the extension, avoid browsing sensitive sites (banking, personal accounts) in the same profile, and regularly audit what data the extension has stored.
Findings
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
Broad Content Script Injection
This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.
HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
HIGH
High-Risk Permission: cookies
This extension has the cookies permission. Can access and modify browser cookies. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: tabs
This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.
MEDIUM
Access to Sensitive Domains
This extension requests access to sensitive domains: https://docs.google.com/*, https://classroom.google.com/*, https://assignments.google.com/*. Ensure you trust this extension with access to these sites.
MEDIUM
Medium-Risk Permission: contextMenus
This extension has the contextMenus permission. Can add items to the context menu.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
Security Analysis Details
Required Permissions:
- scripting
- cookies
- storage
- contextMenus
- tabs
- alarms
Host Permissions:
- http://localhost/*
- https://*.gptzero.me/*
- https://*.growthbook.io/*
- https://docs.google.com/*
- https://classroom.google.com/*
- https://assignments.google.com/*
- https://chatgpt.com/*
Embedded URLs (103 total):
| https://reactjs.org/docs/error-decoder.html?invariant= | http://www.w3.org/1999/xlink | |
| http://www.w3.org/XML/1998/namespace | http://www.w3.org/2000/svg | |
| http://www.w3.org/1998/Math/MathML | http://www.w3.org/1999/xhtml | |
| https://sentry.io/welcome/ | https://api2.amplitude.com/2/httpapi | |
| https://api.eu.amplitude.com/batch | https://api.eu.amplitude.com/2/httpapi | |
| https://api2.amplitude.com/batch | https://feross.org/opensource | |
| https://feross.org | https://buy.stripe.com/test_6oEeXA7rc6GwbXa3cj | |
| https://buy.stripe.com/test_5kAeXA6n8e8Y6CQ7sw | https://buy.stripe.com/test_3csbLoeTE5Csgdq3ci | |
| https://buy.stripe.com/test_7sIbLoaDoc0Q6CQ4gj | https://buy.stripe.com/test_eVabLo6n87KAe5i5kp | |
| https://buy.stripe.com/test_fZedTwbHs3uk2mAcMO | https://api.lab.amplitude.com | |
| https://flag.lab.amplitude.com | https://api.lab.eu.amplitude.com | |
| https://flag.lab.eu.amplitude.com | http://jedwatson.github.io/classnames | |
| https://npms.io/search?q=ponyfill. | https://lodash.com/ | |
| https://openjsf.org/ | https://lodash.com/license | |
| http://underscorejs.org/LICENSE | https://gptzero.me/terms-of-use.html | |
| https://gptzero.me/privacy-policy.html | https://gptzero.notion.site/GPTZero-Release-Notes-Model-and-API-6f58686f6381498baef35212463b7da6 | |
| https://api.hubspot.com/events/v3/send | https://chromewebstore.google.com/detail/kgobeoibakoahbfnlficpmibdbkdchap? | |
| https://gptzero-public.s3.us-east-1.amazonaws.com/autograder-rubrics/SS-SAT-Essay-Rubric-2024.pdf | https://gptzero-public.s3.us-east-1.amazonaws.com/autograder-rubrics/TOEFL-ibt-Writing-Rubric.pdf | |
| https://gptzero-public.s3.us-east-1.amazonaws.com/autograder-rubrics/IELTS_Writing_Band_Rubric.pdf | https://gptzero-public.s3.us-east-1.amazonaws.com/autograder-rubrics/CELPIP-Level-Descriptors-Dec2023.pdf | |
| https://gptzero-public.s3.us-east-1.amazonaws.com/autograder-rubrics/ACT-WritingTest-Scoring-Rubric.pdf | https://www.ets.org/gre/test-takers/general-test/prepare/content/analytical-writing/scoring.html#accordion-06cf390d3c-item-d718e2bb0a | |
| https://app.gptzero.me/api-subscription. | https://app.gptzero.me/subscription-plans | |
| https://gptzero.me/sales | https://app.gptzero.me/api-subscription | |
| https://fonts.googleapis.com/css2?family=Inter:ital | https://fonts.googleapis.com/css2?family=DM+Mono:wght@500&display=swap | |
| https://app.gptzero.me/documents/ | https://app.gptzero.me/documents-history | |
| https://chatgpt.com/ | https://app.gptzero.me/login | |
| https://app.gptzero.me/app/subscription-plans?original_source=extension | https://app.gptzero.me | |
| https://app.gptzero.me/contact-us | https://docs.google.com/forms/d/1ecnhmzdgb0oMvp5hOsbZ4tvsUo4dSG6nrzdIAmLmIyo/edit | |
| https://support.google.com/docs/answer/11528737 | https://unpkg.com/ | |
| https://cdn.jsdelivr.net/npm/ | https://docs.google.com/forms/d/e/1FAIpQLSfM5HtNJQeDL5Op3ws2W437LTT3bpVspS5QdigjuA9LfZHQ-A/viewform?usp=header | |
| https://prosemirror.net/docs/guide/#generatable | https://docs.google.com/forms/d/e/1FAIpQLScLkAbHL96KeVuvQSI_fv-VvSCGjg1qa7t8P1H3g1b8xEPLyA/viewform?usp=header | |
| https://lottie.host/337a7b32-9d2b-46dd-8531-3fa761a555dd/pCx1mDmWMu.lottie | https://docs.google.com/document/ | |
| https://docs.google.com/document/u/ | https://chromewebstore.google.com/detail/gptzero-ai-detection-writ/kgobeoibakoahbfnlficpmibdbkdchap/reviews | |
| https://www.reddit.com/user/ | https://api.gptzero.me | |
| https://app.gptzero.me/app/subscription-plans?utm_source=chrome-extension&utm_component= | https://app.gptzero.me?session_id= | |
| https://docs.google.com/spreadsheets/ | https://docs.google.com/presentation/ | |
| https://drive.google.com/ | https://meet.google.com/ | |
| https://portal.azure.com/ | https://maps.google.com/ | |
| https://teams.microsoft.com/ | https://weather.com/ | |
| https://calculator.com/ | https://speedtest.net/ | |
| https://docs.googleusercontent.com/ | https://accounts.google.com/ |
Page 1 of 2
Raw Manifest
{ "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhQbdRFboMbcIxu/uvGCpjK6uKjHJNRX8eKV75OgVZctPt/+FQSHRsrckTE2cMHprMDeX9Exi0V0IpGfu827u9/8GuugTGrZJoWqVMG8mGRsvgLLer8jZZpFmEn8HM5D/CVluoqtZhFe/zyqj/lqo6UFXoPeedVquRwpTBbohCWH5N0+HYydM0RBMfRNus8rjYJGwvggqVFLLl7Uq4YKNlBiPY/kOgQPQ5qYTLuzPrgfMPQesO953s4ok1tpSM4+n6jwdZMGDZqYabnEhAXBJdG/ToQ6jmu2Q0Ws2T7IsuuU+jraJto0ySohTdN2AxsYDJqi+MAnZRDPKb7e/sfXGGQIDAQAB", "name": "GPTZero: AI Detection & Writing Replay", "icons": { "16": "icon16.plasmo.d5649b53.png", "32": "icon32.plasmo.59065110.png", "48": "icon48.plasmo.9a69a5cd.png", "64": "icon64.plasmo.c3c82ea8.png", "128": "icon128.plasmo.39fff0f6.png" }, "action": { "default_icon": { "16": "icon16.plasmo.d5649b53.png", "32": "icon32.plasmo.59065110.png", "48": "icon48.plasmo.9a69a5cd.png", "64": "icon64.plasmo.c3c82ea8.png", "128": "icon128.plasmo.39fff0f6.png" }, "default_popup": "popup.html" }, "author": "GPTZero Inc.", "version": "2026.2.4", "commands": { "scan-full-page": { "description": "Scan the entire page for AI-generated text", "suggested_key": { "mac": "Command+Shift+O", "default": "Ctrl+Shift+O" } }, "_execute_action": { "suggested_key": { "mac": "Command+Shift+S", "default": "Ctrl+Shift+S" } } }, "background": { "service_worker": "static/background/index.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Bring AI detection, citation checks, live essay feedback, and writing replays directly into Google Docs and your workflow.", "permissions": [ "scripting", "cookies", "storage", "contextMenus", "tabs", "alarms" ], "content_scripts": [ { "js": [ "canvasLms-Iframe.76cd1056.js" ], "css": [], "run_at": "document_idle", "matches": [ "<all_urls>" ], "all_frames": true }, { "js": [ "chatgptButtonStyles.cb71cade.js" ], "css": [], "matches": [ "<all_urls>" ] }, { "js": [ "copyTrackerIsolatedProbe.127b5396.js" ], "css": [], "run_at": "document_start", "matches": [ "<all_urls>" ], "all_frames": true }, { "js": [ "googleDocs-isolatedWorld.3bbf6209.js" ], "css": [], "run_at": "document_idle", "matches": [ "https://docs.google.com/document/d/*" ], "all_frames": true }, { "js": [ "canvasLms.4cb9dd84.js" ], "css": [], "run_at": "document_idle", "matches": [ "<all_urls>" ], "all_frames": false }, { "js": [ "chatgpt.46dd82cd.js" ], "css": [], "matches": [ "https://chatgpt.com/*" ], "all_frames": false }, { "js": [ "g0DocsWidget.04f57d59.js" ], "css": [ "font.16092751.css" ], "run_at": "document_idle", "matches": [ "https://docs.google.com/document/*" ], "all_frames": true, "exclude_matches": [ "https://docs.google.com/document/u/*" ] }, { "js": [ "g0Widget.02859b52.js" ], "css": [ "font.16092751.css" ], "matches": [ "<all_urls>" ], "all_frames": false, "exclude_matches": [ "https://docs.google.com/document/*", "https://docs.google.com/spreadsheets/*", "https://docs.google.com/presentation/*", "https://drive.google.com/*", "https://meet.google.com/*", "https://*.gptzero.me/*", "https://*.pukkagpt.com/*", "https://*.gptzero.com/*", "https://*.gitlab.com/*", "https://*.bitbucket.org/*", "https://*.console.aws.amazon.com/*", "https://*.cloud.google.com/*", "https://portal.azure.com/*", "https://*.vercel.com/*", "https://*.replit.com/*", "https://*.colab.research.google.com/*", "https://*.bankofamerica.com/*", "https://*.chase.com/*", "https://*.wellsfargo.com/*", "https://*.paypal.com/*", "https://*.stripe.com/*", "https://*.intuit.com/*", "https://*.robinhood.com/*", "https://*.etrade.com/*", "https://*.hrblock.com/*", "https://*.irs.gov/*", "https://*.healthcare.gov/*", "https://*.netflix.com/*", "https://*.hulu.com/*", "https://*.disneyplus.com/*", "https://*.amazon.com/*", "https://*.apple.com/*", "https://*.vimeo.com/*", "https://*.youtube.com/*", "https://*.spotify.com/*", "https://*.pandora.com/*", "https://*.soundcloud.com/*", "https://*.bandcamp.com/*", "https://*.deezer.com/*", "https://*.primevideo.com/*", "https://*.twitch.tv/*", "https://maps.google.com/*", "https://*.google.com/maps/*", "https://*.openstreetmap.org/*", "https://*.bing.com/maps/*", "https://*.canva.com/*", "https://*.pixlr.com/*", "https://*.photoshop.com/*", "https://*.lightroom.com/*", "https://*.behance.net/*", "https://*.dribbble.com/*", "https://*.pinterest.com/*", "https://*.adobe.com/*", "https://*.figma.com/*", "https://*.sketch.com/*", "https://*.zeplin.io/*", "https://*.proto.io/*", "https://*.photopea.com/*", "https://*.zoom.us/*", "https://meet.google.com/*", "https://teams.microsoft.com/*", "https://*.jitsi.org/*", "https://*.jit.si/*", "https://weather.com/*", "https://calculator.com/*", "https://speedtest.net/*", "https://docs.googleusercontent.com/*", "https://accounts.google.com/*", "https://calendar.google.com/*" ] }, { "js": [ "g0RatingsPopup.2d765822.js" ], "css": [ "font.16092751.css" ], "matches": [ "<all_urls>" ], "all_frames": false }, { "js": [ "googleClassroom.cebe12b0.js" ], "css": [], "matches": [ "https://classroom.google.com/*", "https://assignments.google.com/*" ] }, { "js": [ "googleDocs-revisionCount-ui.a91d4f74.js" ], "css": [ "font.16092751.css" ], "run_at": "document_idle", "matches": [ "https://docs.google.com/document/*" ], "all_frames": true }, { "js": [ "selectionScanButton.ee3c844b.js" ], "css": [], "matches": [ "https://chatgpt.com/*" ], "all_frames": false } ], "host_permissions": [ "http://localhost/*", "https://*.gptzero.me/*", "https://*.growthbook.io/*", "https://docs.google.com/*", "https://classroom.google.com/*", "https://assignments.google.com/*", "https://chatgpt.com/*" ], "manifest_version": 3, "externally_connectable": { "matches": [ "https://app.gptzero.me/*", "https://staging-app.gptzero.me/*", "https://pukka-app.gptzero.me/*", "https://preprod-app.gptzero.me/*", "https://live-feedback-app.gptzero.me/*", "http://localhost:3001/*" ] }, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "assets/*.png", "assets/*/**.png", "assets/keystrokeDetector/*.png" ] }, { "matches": [ "<all_urls>" ], "resources": [ "canvasLms.c556d01a.css" ] }, { "matches": [ "https://docs.google.com/*" ], "resources": [ "InterNormal.7928a6c8.woff2", "InterItalic.7b5c018f.woff2", "canvasLms.c556d01a.css", "g0DocsWidget.e9e86da6.css", "g0DocsWidget.898f3981.png", "g0DocsWidget.c76ebabc.png", "g0DocsWidget.07082fd2.png" ] }, { "matches": [ "<all_urls>" ], "resources": [ "InterNormal.7928a6c8.woff2", "InterItalic.7b5c018f.woff2", "canvasLms.c556d01a.css", "g0Widget.711fac76.svg", "g0Widget.900596d4.css" ] }, { "matches": [ "<all_urls>" ], "resources": [ "InterNormal.7928a6c8.woff2", "InterItalic.7b5c018f.woff2", "canvasLms.c556d01a.css" ] }, { "matches": [ "https://classroom.google.com/*", "https://assignments.google.com/*" ], "resources": [ "canvasLms.c556d01a.css", "googleClassroom.e71b9df6.png" ] }, { "matches": [ "https://docs.google.com/*" ], "resources": [ "InterNormal.7928a6c8.woff2", "InterItalic.7b5c018f.woff2", "canvasLms.c556d01a.css", "googleDocs-revisionCount-ui.357b926f.png" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
Loading Secure Annex data...
Unable to load Secure Annex data.
This extension may not yet be analyzed by Secure Annex.
Detections
0Critical
0
High
0
Medium
0
Low
0
Has Verdicts
Yes
Manifest Findings
0Critical
0
High
0
Medium
0
Low
0
Secure Annex analyzed version: -