Salesforce Custom Label Manager
Version 1.2.0 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has very limited adoption with only 56 users and just 2 ratings, making it difficult to assess reliability through community feedback. While it maintains a perfect 5.0 rating, the small sample size is not statistically significant. The lack of visible developer information raises transparency concerns, and the extension appears to be relatively new or niche within the Salesforce ecosystem.
The cookies permission is particularly concerning for a custom label management tool, as this functionality seems unnecessary for managing Salesforce labels. The broad host permissions covering all Salesforce and Force.com domains create an extensive attack surface that goes beyond what would typically be required for label management. The combination of cookie access and broad domain permissions could enable session hijacking or unauthorized data access across multiple Salesforce organizations. The activeTab permission, while less critical, adds another layer of potential access that may not be essential for the stated functionality.
Consider running this extension in a separate Chrome profile dedicated to Salesforce development work to isolate potential risks. Before installation, verify the extension's necessity - many Salesforce label management tasks can be accomplished through native Salesforce tools or more established extensions with better track records. If you must use this extension, monitor your Salesforce sessions carefully and log out completely when finished. Consider reaching out to the developer for clarification on why cookie permissions are required for label management functionality.
Findings
Security Analysis Details
Required Permissions:
- activeTab
- cookies
Host Permissions:
- https://*.force.com/*
- https://*.salesforce.com/*
Content Security Policy:
- extension_pages: script-src 'self'; object-src 'self'
Embedded URLs (10 total):
| https://clients2.google.com/service/update2/crx | http://www.w3.org/XML/1998/namespace | |
| http://www.w3.org/1999/xlink | http://www.w3.org/2000/svg | |
| http://polymer.github.io/LICENSE.txt | http://polymer.github.io/AUTHORS.txt | |
| http://polymer.github.io/CONTRIBUTORS.txt | http://polymer.github.io/PATENTS.txt | |
| https://creativecommons.org/licenses/by-nd/4.0/legalcode | https://html5boilerplate.com/ |
Raw Manifest
{ "name": "Salesforce Custom Label Manager", "icons": { "16": "./src/resources/label-16.png", "32": "./src/resources/label-32.png", "48": "./src/resources/label-48.png", "128": "./src/resources/label-128.png" }, "version": "1.2.0", "background": { "mode": "module", "service_worker": "./extension_scripts/background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "View Duplicate Custom Labels and Create", "permissions": [ "activeTab", "cookies" ], "content_scripts": [ { "js": [ "extension_scripts/contentScript.js" ], "run_at": "document_end", "matches": [ "https://*.force.com/*", "https://*.salesforce.com/*" ], "all_frames": false } ], "host_permissions": [ "https://*.force.com/*", "https://*.salesforce.com/*" ], "manifest_version": 3, "content_security_policy": { "extension_pages": "script-src 'self'; object-src 'self'" }, "web_accessible_resources": [ { "matches": [ "https://*.force.com/*" ], "resources": [ "src/index.html", "src/resources/*" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.