[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

GlossaryTech, Backed by Dice

Version 0.11.8 View in Chrome Web Store

Last scanned: about 7 hours ago

Extension Details

Developer: https://glossarytech.com/

Rating: 4.5 ★ (40 ratings)

Users: 10,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors: The extension is backed by Dice, a well-known technology recruitment platform, which adds credibility. With 10,000 users and a solid 4.5-star rating from 40 reviews, it shows reasonable adoption and user satisfaction. The developer website (glossarytech.com) appears legitimate and aligns with the extension's stated purpose of providing technology term definitions.

Concerns: The extension requests extremely broad permissions that seem excessive for a glossary tool. The combination of tabs, cookies, and universal host permissions (all HTTP/HTTPS sites) creates significant privacy and security risks. A glossary extension should only need to access content on pages where users actively request definitions, not maintain persistent access to all browsing activity and cookies. The ability to manipulate tabs and access cookies across all websites far exceeds what's necessary for displaying technology definitions.

Recommendations: Consider running this extension in a separate Chrome profile to isolate it from your primary browsing data and sensitive accounts. Before installing, evaluate whether you truly need an always-active glossary extension versus using standalone glossary websites when needed. If you proceed with installation, regularly review what data the extension might be collecting and consider disabling it when not actively needed. Monitor your browsing performance and privacy, as the broad permissions could enable extensive data collection beyond the extension's stated functionality.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: cookies

This extension has the cookies permission. Can access and modify browser cookies. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Security Analysis Details

Required Permissions:

tabs
cookies
activeTab
storage

Host Permissions:

https://*/*
http://*/*

Content Security Policy:

extension_pages: script-src 'self'; object-src 'self'

Embedded URLs (37 total):

https://clients2.google.com/service/update2/crx	https://raw.githubusercontent.com/gionkunz/chartist-js/master/LICENSE-WTFPL
https://raw.githubusercontent.com/gionkunz/chartist-js/master/LICENSE-MIT	http://www.w3.org/2000/svg
http://www.w3.org/2000/xmlns/	http://www.w3.org/1999/xhtml
http://www.w3.org/1999/xlink	http://gionkunz.github.com/chartist-js/ct
http://www.w3.org/TR/selectors-api/	http://math.stackexchange.com/questions/45218/implementation-of-monotone-cubic-interpolation
http://mozilla.6506.n7.nabble.com/Specyfing-paths-with-percentages-unit-td247474.html	http://codepen.io/gionkunz/pen/KDvLj
https://developer.mozilla.org/en-US/docs/Web/SVG/Element/foreignObject	http://www.w3.org/TR/SVG/extend.html#ForeignObjectElement
http://www.w3.org/TR/SVG/animate.html	http://www.w3.org/TR/SVG11/feature
http://www.w3.org/TR/SVG11/feature#	http://lists.w3.org/Archives/Public/www-svg/2003Oct/0000.html
https://jquery.com/	https://sizzlejs.com/
https://jquery.org/license	http://jquery.org/license
https://glossarytech.com/auth/status	https://glossarytech.com/auth/logout
https://glossarytech.com/auth/li	https://fnlp.flyaps.com
https://fnlp.flyaps.com/chrome	https://glossarytech.com/scanner
https://glossarytech.com	https://www.google-analytics.com/mp/collect
https://www.google-analytics.com/debug/mp/collect	https://developers.google.com/analytics/devguides/collection/protocol/ga4/sending-events?client_type=gtag#recommended_parameters_for_reports
https://developers.google.com/analytics/devguides/collection/protocol/ga4/reference?client_type=gtag#reserved_names	http://www.w3.org/1999/02/22-rdf-syntax-ns#
http://fontawesome.io	http://fontawesome.io/license
http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd

Raw Manifest

{
  "name": "GlossaryTech, Backed by Dice",
  "icons": {
    "16": "img/ic-16.png",
    "48": "img/ic-48.png",
    "128": "img/ic-128.png"
  },
  "action": {
    "default_icon": "img/icon.png",
    "default_title": "GlossaryTech, Backed by Dice"
  },
  "version": "0.11.8",
  "background": {
    "type": "module",
    "service_worker": "service-worker.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Learn tech terms whilst web sourcing",
  "permissions": [
    "tabs",
    "cookies",
    "activeTab",
    "storage"
  ],
  "content_scripts": [
    {
      "js": [
        "chartist.js",
        "chartist-plugin-tooltip.js",
        "main.js"
      ],
      "css": [
        "term.css"
      ],
      "matches": [
        "https://*/*",
        "http://*/*"
      ],
      "all_frames": false
    }
  ],
  "host_permissions": [
    "https://*/*",
    "http://*/*"
  ],
  "manifest_version": 3,
  "content_security_policy": {
    "extension_pages": "script-src 'self'; object-src 'self'"
  },
  "web_accessible_resources": [
    {
      "matches": [
        "<all_urls>"
      ],
      "resources": [
        "main.css",
        "fonts/*",
        "img/*"
      ]
    }
  ]
}

by ✦ Astarte

GlossaryTech, Backed by Dice

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Content Security Policy:

Embedded URLs (37 total):

Raw Manifest

Detections

Manifest Findings