Extension Details
Context-Aware Verdict
The extension has a solid user base of 50,000 users and maintains a good rating of 4.4 stars from 77 reviews, indicating general user satisfaction. The name "Locale Switcher" suggests a legitimate utility function for changing language/region settings. However, the lack of visible developer information reduces transparency and accountability.
The primary concern is the broad content script injection capability across all URLs, which creates significant potential for data exposure. While the extension's stated purpose may justify accessing websites to modify locale settings, this permission grants access to all website content including sensitive information like passwords, personal data, and financial details. The storage permission, while necessary for remembering user preferences, could potentially be used to collect and store browsing data. The activeTab permission is appropriately scoped for the extension's functionality.
Consider running this extension in a separate Chrome profile dedicated to non-sensitive browsing activities. Before installation, verify the extension's behavior by checking recent reviews for any reports of suspicious activity. Monitor your browsing sessions after installation for any unexpected behavior. If you only need locale switching for specific websites, consider looking for alternatives with more restricted permissions. Given the broad access requirements, only install if you specifically need this functionality and trust the developer despite the limited transparency.
Findings
Security Analysis Details
Required Permissions:
- storage
- declarativeNetRequest
- activeTab
Embedded URLs (16 total):
| https://clients2.google.com/service/update2/crx | https://github.com/locale-switcher/locale-switcher | |
| http://tachyons.io | https://svelte.dev/e/effect_in_teardown | |
| https://svelte.dev/e/effect_in_unowned_derived | https://svelte.dev/e/effect_orphan | |
| https://svelte.dev/e/effect_update_depth_exceeded | https://svelte.dev/e/props_invalid_value | |
| https://svelte.dev/e/state_descriptors_fixed | https://svelte.dev/e/state_prototype_fixed | |
| https://svelte.dev/e/state_unsafe_local_read | https://svelte.dev/e/state_unsafe_mutation | |
| https://svelte.dev/e/lifecycle_outside_component | http://www.w3.org/1999/xhtml | |
| http://www.w3.org/2000/svg | https://github.com/locale-switcher/locale-switcher/ |
Raw Manifest
{ "name": "Locale Switcher", "icons": { "256": "icon/256.png" }, "action": { "default_popup": "popup.html" }, "version": "1.3.1", "commands": { "_execute_action": { "suggested_key": { "default": "Ctrl+Shift+L" } } }, "background": { "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Lets you quickly switch the browser locale to test localization on your website.", "permissions": [ "storage", "declarativeNetRequest", "activeTab" ], "homepage_url": "https://github.com/locale-switcher/locale-switcher", "content_scripts": [ { "js": [ "content-scripts/content.js" ], "run_at": "document_start", "matches": [ "<all_urls>" ], "all_frames": true } ], "manifest_version": 3, "web_accessible_resources": [ { "matches": [ "*://*/*" ], "resources": [ "override-language.js" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.