[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Zendesk Quicktab

Version 1.1.0 View in Chrome Web Store

Last scanned: 1 day ago | force re-scan

Extension Details

Rating: 4.5 ★

Users: 249

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors: The extension has a very small user base of only 249 users and lacks clear developer information, which raises concerns about legitimacy and ongoing support. The 4.5-star rating provides some reassurance, but with such a limited user base, this rating may not be statistically significant. The extension appears to be designed for Zendesk users, which is a legitimate business platform.

Concerns: The extension requests several powerful permissions that seem excessive for a simple Zendesk productivity tool. The webNavigation and tabs permissions allow comprehensive tracking of your browsing behavior and tab manipulation, which goes beyond what would typically be needed for Zendesk integration. The broad host permissions for all Zendesk domains could potentially be exploited if the extension is compromised. The combination of these permissions creates a significant privacy risk, as the extension could monitor your web activity and access sensitive information across Zendesk instances.

Recommendations: Given the high risk level and limited user base, consider running this extension in a separate Chrome profile dedicated only to Zendesk work. This isolates potential security risks from your main browsing profile. Alternatively, look for more established Zendesk extensions with larger user bases and clearer developer credentials. If you must use this extension, regularly review its behavior and remove it immediately if you notice any suspicious activity or unexpected data requests.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: webNavigation

This extension has the webNavigation permission. Can track your web navigation. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Raw Manifest

{
  "name": "Zendesk Quicktab",
  "icons": {
    "16": "images/icons/icon-16.png",
    "19": "images/icons/icon-19.png",
    "128": "images/icons/icon-128.png"
  },
  "action": {
    "default_icon": {
      "19": "images/icons/icon38-enabled.png",
      "38": "images/icons/icon38-enabled.png"
    },
    "default_popup": "popup.html",
    "default_title": "Zendesk QuickTab"
  },
  "version": "1.1.0",
  "background": {
    "service_worker": "javascripts/tabWatcher.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Well behaved browser tabs for Zendesk agents",
  "permissions": [
    "webNavigation",
    "tabs",
    "storage",
    "scripting"
  ],
  "default_locale": "en",
  "host_permissions": [
    "http://*.zendesk.com/*",
    "https://*.zendesk.com/*"
  ],
  "manifest_version": 3
}

by ✦ Astarte

Zendesk Quicktab

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (3 total):

Raw Manifest

Detections

Manifest Findings

https://clients2.google.com/service/update2/crx	https://github.com/zendesk/quicktab
https://github.com/zendesk/quicktab/issues