Gmail Theme Sync & Control

Version 1.1.1 View in Chrome Web Store

Last scanned: 7 months ago | force re-scan

Extension Details

Rating: 5.0 ★ (1 rating)

Size: 22.03KiB

Last Updated: May 14, 2025

Users: 3

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

- The extension has a low number of users (3), which raises concerns about its trustworthiness and popularity.

- The lack of developer information and a detailed description makes it difficult to assess the extension's legitimacy and purpose.

Concerns:

- The extension requests broad host permissions, allowing it to access many or all websites, which could potentially be used to steal sensitive data or track browsing activity.

- The extension has access to the sensitive domain mail.google.com, which handles personal email communications, raising privacy concerns.

- The "activeTab" permission allows the extension to access the active tab when clicked, which could be exploited for malicious purposes.

- The "storage" permission enables the extension to store data locally, which could be misused to store sensitive information without the user's knowledge.

Recommendations:

- Exercise caution when installing this extension due to the high-risk level and lack of transparency regarding its purpose and developer.

- Consider running the extension in a separate Chrome profile or a sandboxed environment to isolate potential risks.

- Regularly review the extension's permissions and activity to ensure it is not engaging in any unauthorized or suspicious behavior.

- If possible, seek alternative extensions from reputable developers with a clear purpose and a large user base for added security.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

MEDIUM

Access to Sensitive Domains

This extension requests access to sensitive domains: https://mail.google.com/*. Ensure you trust this extension with access to these sites.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Raw Manifest

{
  "name": "Gmail Theme Sync & Control",
  "icons": {
    "16": "images/icon16.png",
    "48": "images/icon48.png",
    "64": "images/icon64.png",
    "128": "images/icon128.png"
  },
  "action": {
    "default_icon": {
      "16": "images/icon16.png",
      "48": "images/icon48.png",
      "64": "images/icon64.png",
      "128": "images/icon128.png"
    },
    "default_popup": "popup.html"
  },
  "author": "k97",
  "version": "1.1.1",
  "incognito": "split",
  "background": {
    "type": "module",
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Automatically syncs Gmail with your system theme by default and controls either light or dark mode for a easier experience.",
  "permissions": [
    "activeTab",
    "scripting",
    "storage"
  ],
  "homepage_url": "https://github.com/k97/gmail-system-theme-sync-chrome-extension",
  "content_scripts": [
    {
      "js": [
        "contentScript.js"
      ],
      "run_at": "document_idle",
      "matches": [
        "https://mail.google.com/*"
      ],
      "all_frames": false
    }
  ],
  "offline_enabled": true,
  "host_permissions": [
    "https://mail.google.com/*"
  ],
  "manifest_version": 3,
  "minimum_chrome_version": "88"
}

by ✦ Astarte

Gmail Theme Sync & Control

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (6 total):

Raw Manifest

Detections

Manifest Findings

https://clients2.google.com/service/update2/crx	https://github.com/k97/gmail-system-theme-sync-chrome-extension
https://mail.google.com/	https://chrome.google.com/webstore
https://rkarthik.co	https://claude.ai