Extension Details
Context-Aware Verdict
The extension has very limited adoption with only 111 users and a single 5-star rating, making it difficult to assess reliability through community feedback. The lack of developer information and company details raises transparency concerns. However, the specific focus on Gmail theme functionality appears legitimate given its targeted host permissions.
The primary concern is the broad host permissions for mail.google.com, which grants extensive access to your entire Gmail account including emails, contacts, and personal data. While the activeTab and storage permissions are reasonable for theme management, the combination allows the extension to potentially access, modify, or exfiltrate sensitive email content. The low user base means less community vetting, and the absence of developer identification makes accountability unclear.
Given the medium risk level, consider running this extension in a separate Chrome profile dedicated to Gmail if you must use it. This isolates potential security risks from your main browsing profile. Before installation, verify that theme synchronization truly requires such broad Gmail access - many theme extensions function with more limited permissions. Monitor the extension's behavior after installation and remove it immediately if you notice any unusual activity. Consider waiting for the extension to gain more users and reviews before trusting it with access to your Gmail account.
Findings
Security Analysis Details
Required Permissions:
- activeTab
- scripting
- storage
Host Permissions:
- https://mail.google.com/*
Embedded URLs (6 total):
| https://clients2.google.com/service/update2/crx | https://github.com/k97/gmail-system-theme-sync-chrome-extension | |
| https://mail.google.com/ | https://chrome.google.com/webstore | |
| https://rkarthik.co | https://claude.ai |
Raw Manifest
{ "name": "Gmail Theme Sync & Control", "icons": { "16": "images/icon16.png", "48": "images/icon48.png", "64": "images/icon64.png", "128": "images/icon128.png" }, "action": { "default_icon": { "16": "images/icon16.png", "48": "images/icon48.png", "64": "images/icon64.png", "128": "images/icon128.png" }, "default_popup": "popup.html" }, "author": "k97", "version": "1.1.1", "incognito": "split", "background": { "type": "module", "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Automatically syncs Gmail with your system theme by default and controls either light or dark mode for a easier experience.", "permissions": [ "activeTab", "scripting", "storage" ], "homepage_url": "https://github.com/k97/gmail-system-theme-sync-chrome-extension", "content_scripts": [ { "js": [ "contentScript.js" ], "run_at": "document_idle", "matches": [ "https://mail.google.com/*" ], "all_frames": false } ], "offline_enabled": true, "host_permissions": [ "https://mail.google.com/*" ], "manifest_version": 3, "minimum_chrome_version": "88" }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.