[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Pumpkin's Right Click Enable

Version 1.0.7 View in Chrome Web Store

Last scanned: about 1 hour ago

Extension Details

Rating: 4.5 ★ (69 ratings)

Users: 30,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has a reasonable user base of 30,000 users and a solid 4.5-star rating from 69 reviews, suggesting it functions as intended. However, the lack of visible developer information raises transparency concerns. The extension's purpose - enabling right-click functionality on websites that disable it - is legitimate and addresses a common user frustration.

Concerns:

The extension requests excessive permissions for its stated functionality. The tabs permission allows manipulation of browser tabs and access to sensitive tab information, which isn't necessary for simply re-enabling right-click menus. The broad host permissions (<all_urls>) grant access to all websites, creating potential for data harvesting or malicious activity. The declarativeNetRequest permission could be used to modify network requests across all sites. These permissions far exceed what's needed to restore right-click functionality, which could typically be accomplished with basic content script injection.

Recommendations:

Consider running this extension in a separate Chrome profile to isolate potential risks from your main browsing activities. Monitor the extension's behavior and disable it when not actively needed. Look for alternative extensions with more limited permissions that accomplish the same goal. Given the permission overreach, consider whether the convenience of restored right-click functionality justifies the security trade-offs, especially when browsing sensitive sites like banking or email platforms.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: contextMenus

This extension has the contextMenus permission. Can add items to the context menu.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Raw Manifest

{
  "name": "__MSG_name__",
  "icons": {
    "16": "icon/p_icon_16.png",
    "48": "icon/p_icon_48.png",
    "128": "icon/p_icon_128.png"
  },
  "action": {
    "default_popup": "popup.html",
    "default_title": "pumpkin's right click enable"
  },
  "version": "1.0.7",
  "background": {
    "type": "module",
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "__MSG_description__",
  "permissions": [
    "tabs",
    "contentSettings",
    "storage",
    "contextMenus",
    "declarativeNetRequest"
  ],
  "default_locale": "en",
  "content_scripts": [
    {
      "js": [
        "content-scripts/bu.js"
      ],
      "matches": [
        "http://*/*",
        "https://*/*"
      ],
      "all_frames": true
    },
    {
      "js": [
        "content-scripts/start.js"
      ],
      "run_at": "document_start",
      "matches": [
        "http://*/*",
        "https://*/*"
      ],
      "all_frames": true
    }
  ],
  "host_permissions": [
    "<all_urls>"
  ],
  "manifest_version": 3
}

by ✦ Astarte

https://lodash.com/	https://openjsf.org/
https://lodash.com/license	http://underscorejs.org/LICENSE
https://npms.io/search?q=ponyfill.	https://clients2.google.com/service/update2/crx
https://jquery.com/	https://jquery.org/license

Pumpkin's Right Click Enable

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (8 total):

Raw Manifest

Detections

Manifest Findings