[ new scan ] [ statistics ] [ github ] [ twitter ]

History Plus

Version 2.0.8 View in Chrome Web Store

Last scanned: 15 days ago | force re-scan

Extension Details

Rating: 4.4 ★ (53 ratings)

Users: 6,000

Context-Aware Verdict

HIGH

Risk Level

Trust Factors:

- The extension has a relatively high number of users (6,000), which could indicate some level of trust.

- The rating of 4.4 out of 5 stars from 53 reviews suggests that users generally find the extension useful and trustworthy.

- However, the lack of information about the developer or company behind the extension makes it difficult to assess their reputation and trustworthiness.

Concerns:

- The extension requests the "history" permission, which allows it to access the user's entire browsing history. This is a high-risk permission that could potentially compromise the user's privacy and security if the extension is malicious or compromised.

- The "unlimitedStorage" permission allows the extension to store an unlimited amount of data locally, which could be a privacy concern if sensitive information is stored.

- The Content Security Policy (CSP) allows "wasm-unsafe-eval," which permits the execution of potentially dangerous WebAssembly code. This could be used to hide malicious code or perform CPU-intensive operations, posing a security risk.

Recommendations:

- Exercise caution when installing this extension, as it requests high-risk permissions and has the potential to compromise your privacy and security.

- If you decide to use this extension, consider running it in a separate Chrome profile or a dedicated browser instance to isolate it from your main browsing activities.

- Regularly review the extension's permissions and behavior, and uninstall it if you notice any suspicious activities or privacy concerns.

- Consider using alternative extensions with similar functionality but fewer high-risk permissions or from more reputable developers.

Security Analysis

HIGH

Overall Risk

Based on 4 total findings, ranked without considering overall context, including 2 high-risk and 2 medium-risk findings.

HIGH

High-Risk Permission: history

This extension has the history permission. Can access your browsing history. This could potentially be used maliciously to compromise security or privacy.

HIGH

Unsafe WebAssembly Execution

This extension's Content Security Policy allows 'wasm-unsafe-eval', which permits potentially dangerous WebAssembly code execution. This could be used to hide malicious code or perform CPU-intensive operations.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

MEDIUM

Medium-Risk Permission: unlimitedStorage

This extension has the unlimitedStorage permission. Can store unlimited data locally.

Security Analysis Details

Required Permissions:

favicon
storage
history
unlimitedStorage

Content Security Policy:

extension_pages: script-src 'self' 'wasm-unsafe-eval'; object-src 'self';

Embedded URLs (628 total):

https://justboil.me	https://sites.google.com/view/history-plus-extension/feeback
https://www.buymeacoffee.com/historyplus	https://clients2.google.com/service/update2/crx
http://www.w3.org/2000/svg	https://fonts.gstatic.com/s/materialicons/v139/flUhRq6tzZclQEJ-Vdg-IuiaDsNcIhQ8tQ.woff2
https://icon-sets.iconify.design/mdi/	https://cdnjs.cloudflare.com/ajax/libs/MaterialDesign-Webfont/7.4.47/fonts/materialdesignicons-webfont.eot?v=7.4.47
https://cdnjs.cloudflare.com/ajax/libs/MaterialDesign-Webfont/7.4.47/fonts/materialdesignicons-webfont.eot?#iefix&v=7.4.47	https://cdnjs.cloudflare.com/ajax/libs/MaterialDesign-Webfont/7.4.47/fonts/materialdesignicons-webfont.woff2?v=7.4.47
https://cdnjs.cloudflare.com/ajax/libs/MaterialDesign-Webfont/7.4.47/fonts/materialdesignicons-webfont.woff?v=7.4.47	https://cdnjs.cloudflare.com/ajax/libs/MaterialDesign-Webfont/7.4.47/fonts/materialdesignicons-webfont.ttf?v=7.4.47
https://mail.google.com	https://mail.google.com/.
https://docs.google.com/document/	https://docs.google.com/document/d/.
https://docs.google.com/drawings	https://docs.google.com/drawings/d/.
https://drive.google.com	https://drive.google.com/drive/.
https://drive.google.com/file/d/.	https://docs.google.com/forms/
https://docs.google.com/forms/d/.	https://www.google.com
https://www.google.com/search.	https://docs.google.com/spreadsheets
https://docs.google.com/spreadsheets/d/.	https://docs.google.com/presentation
https://docs.google.com/presentation/d/.	https://analytics.google.com
https://analytics.google.com/analytics/.	https://calendar.google.com
https://calendar.google.com/calendar/.	https://keep.google.com/
https://keep.google.com/.	https://news.google.com
https://outlook.live.com/	https://outlook.live.com/mail/.
https://onedrive.live.com/	https://onedrive.live.com/edit.
https://teams.live.com/	https://teams.live.com/.
https://outlook.live.com/calendar/0/view/month	https://outlook.live.com/calendar/.
https://outlook.live.com/people/0/	https://outlook.live.com/people/.
https://www.office.com/	https://www.office.com/launch/word.
https://forms.office.com/	https://forms.office.com/.
https://mail.aol.com/	https://mail.aol.com/.
https://mail.yahoo.com	https://mail.yahoo.com/.
https://app.titan.email	https://app.titan.email/.
https://www.icloud.com/mail	https://www.icloud.com/mail.
https://proton.me/mail/	https://mail.proton.me/u/.
https://www.mail.com/	https://www.affinity.co
https://airtable.com	https://airtable.com/.
https://analytics.amplitude.com	https://analytics.amplitude.com/.
https://app.asana.com	https://app.asana.com/.
https://3.basecamp.com	https://3.basecamp.com/.
https://www.behance.net	https://www.behance.net/.
https://bitbucket.org	https://bitbucket.org/.
https://app.box.com	https://app.box.com/.
https://calendly.com	https://calendly.com/.
https://www.canva.com	https://app.clickup.com/

Page 1 of 8

Raw Manifest

{
  "name": "__MSG_global_extensionName__",
  "icons": {
    "16": "assets/icon/history_plus_16.png",
    "32": "assets/icon/history_plus_32.png",
    "48": "assets/icon/history_plus_48.png",
    "64": "assets/icon/history_plus_64.png",
    "128": "assets/icon/history_plus_128.png"
  },
  "action": {
    "default_icon": {
      "16": "assets/icon/history_plus_16.png",
      "32": "assets/icon/history_plus_32.png",
      "48": "assets/icon/history_plus_48.png",
      "64": "assets/icon/history_plus_64.png",
      "128": "assets/icon/history_plus_128.png"
    },
    "default_popup": "popup.html",
    "default_title": "__MSG_global_extensionName__"
  },
  "author": "Tom Zenho",
  "version": "2.0.8",
  "incognito": "not_allowed",
  "background": {
    "service_worker": "assets/js/background.js"
  },
  "short_name": "HP",
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "__MSG_global_extensionDescription__",
  "permissions": [
    "favicon",
    "storage",
    "history",
    "unlimitedStorage"
  ],
  "options_page": "options.html",
  "default_locale": "en",
  "offline_enabled": true,
  "manifest_version": 3,
  "content_security_policy": {
    "extension_pages": "script-src 'self' 'wasm-unsafe-eval'; object-src 'self';"
  },
  "web_accessible_resources": [
    {
      "matches": [
        "<all_urls>"
      ],
      "resources": [
        "_favicon/*"
      ],
      "extension_ids": [
        "*"
      ]
    }
  ],
  "cross_origin_opener_policy": {
    "value": "same-origin"
  },
  "cross_origin_embedder_policy": {
    "value": "require-corp"
  }
}

History Plus

Extension Details

Context-Aware Verdict

Security Analysis

Security Analysis Details

Required Permissions:

Content Security Policy:

Embedded URLs (628 total):

Raw Manifest

Secure Annex (beta)