Extension Details
Context-Aware Verdict
The extension has a focused, legitimate purpose for converting SVG files to PNG format, which is a common utility need. With 3,000 users and a solid 4.4-star rating from 12 reviews, it shows reasonable adoption and user satisfaction. The extension operates on Manifest V3, which provides enhanced security protections compared to older versions. Most importantly, the extension requires no permissions, host permissions, or background scripts, indicating a very lightweight implementation that likely processes files locally without accessing external resources or user data.
The main concern is the limited information available about the developer, with no company name or developer details provided. This makes it difficult to assess the publisher's reputation or track record. Additionally, while 12 reviews provide some user feedback, the sample size is relatively small for comprehensive assessment.
This extension appears very safe to use given its minimal permissions and focused functionality. The lack of any permissions suggests it operates entirely within the browser's sandbox without accessing sensitive data or external networks. You can confidently install this extension in your main Chrome profile. However, if you prefer extra caution due to the anonymous developer, consider testing it with non-sensitive SVG files first to verify it works as expected.
Findings
Security Analysis Details
Embedded URLs (22 total):
| https://svg-to-png.tilda.ws | https://reactjs.org/docs/error-decoder.html?invariant= | |
| http://www.w3.org/1999/xlink | http://www.w3.org/XML/1998/namespace | |
| http://www.w3.org/2000/svg | http://www.w3.org/1998/Math/MathML | |
| http://www.w3.org/1999/xhtml | http://fb.me/use-check-prop-types | |
| https://lodash.com/ | https://openjsf.org/ | |
| https://lodash.com/license | http://underscorejs.org/LICENSE | |
| https://npms.io/search?q=ponyfill. | https://developer.mozilla.org/en-US/docs/Web/CSS/named-color | |
| https://developer.mozilla.org/en-US/docs/Web/CSS/color_value | https://docs.google.com/forms/d/e/1FAIpQLSfsZh7i7RMHdhNdU9m4DFTTIR35JYm8hZTcPBm869SNGVt0vw/viewform?usp=sf_link | |
| https://chromewebstore.google.com/detail/leakpkiajhlppcdaamfakildcfkihoig/reviews?utm_source=extension&utm_medium=rateus | https://fonts.googleapis.com | |
| https://fonts.gstatic.com | https://fonts.googleapis.com/css2?family=Archivo&display=swap | |
| https://fonts.googleapis.com/css2?family=Martian+Mono&display=swap | https://clients2.google.com/service/update2/crx |
Raw Manifest
{ "name": "__MSG_appName__", "icons": { "16": "public/16x16.png", "48": "public/48x48.png", "64": "public/64x64.png", "128": "public/128x128.png" }, "action": { "default_popup": "index.html#popup" }, "version": "1.1.2", "background": { "type": "module", "service_worker": "service-worker-loader.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_shortDesc__", "default_locale": "en", "manifest_version": 3 }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.