Extension Details
Context-Aware Verdict
The extension has very limited adoption with only 773 users and minimal reviews (3 ratings), which raises concerns about its legitimacy and testing. The 4.0 rating provides some reassurance, but the small sample size makes this less meaningful. The lack of developer information and company details significantly reduces trustworthiness, as there's no way to verify the creator's reputation or contact them for support.
The most significant red flag is the combination of broad content script injection across all URLs with host permissions to an analytics service (api2.amplitude.com). For a font inspection tool, accessing every website and sending data to external analytics platforms appears excessive and unnecessary. The storage permission, while reasonable for saving font preferences, combined with the broad access creates potential for data collection and privacy violations. The contextMenus permission seems appropriate for the stated functionality.
Given the high-risk profile, consider running this extension in a separate Chrome profile if you must use it, isolating it from your primary browsing activities. Before installation, verify that font inspection truly requires access to all websites - legitimate font tools typically work on specific pages when activated. Look for alternative font inspection extensions from established developers with better transparency and more restrictive permissions. If you proceed with installation, monitor your browsing carefully and consider removing the extension after use.
Findings
Security Analysis Details
Required Permissions:
- storage
- activeTab
- contextMenus
Host Permissions:
- https://api2.amplitude.com/*
Embedded URLs (8 total):
| https://api2.amplitude.com/2/httpapi | https://font-inspector.com/uninstall | |
| https://font-inspector.com/welcome?utm_source=extension | https://clients2.google.com/service/update2/crx | |
| https://api2.amplitude.com/ | http://www.w3.org/2000/svg | |
| https://tally.so/r/wkJK96 | https://chromewebstore.google.com/detail/ldanlnlkbcpglobchelebddfmjapiifd/reviews |
Raw Manifest
{ "name": "__MSG_appName__", "icons": { "16": "icons/16x16.png", "24": "icons/24x24.png", "32": "icons/32x32.png", "48": "icons/48x48.png", "64": "icons/64x64.png", "128": "icons/128x128.png", "256": "icons/256x256.png", "512": "icons/512x512.png" }, "action": { "default_icon": { "16": "icons/16x16.png", "24": "icons/24x24.png", "32": "icons/32x32.png", "48": "icons/48x48.png", "64": "icons/64x64.png", "128": "icons/128x128.png", "256": "icons/256x256.png", "512": "icons/512x512.png" }, "default_popup": "popup.html" }, "version": "1.0.8", "background": { "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_shortDesc__", "permissions": [ "storage", "activeTab", "contextMenus" ], "default_locale": "en", "content_scripts": [ { "js": [ "content.js" ], "matches": [ "<all_urls>" ] } ], "host_permissions": [ "https://api2.amplitude.com/*" ], "manifest_version": 3 }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.