Application Launcher For Drive (by Google)
Version 3.10 View in Chrome Web Store
Extension Details
Context-Aware Verdict
This extension is developed by Google directly (google.com), which provides significant credibility and trust. With 86 million users, it's clearly a widely adopted tool. However, the relatively low rating of 2.9 out of 5 from over 2,200 reviews suggests user dissatisfaction, which could indicate functionality issues or privacy concerns.
The extension's host permissions are specifically limited to Google's own domains (docs.google.com and drive.google.com), which is appropriate for its function as a Drive application launcher. However, the "broad host permissions" finding appears to be a false positive since the permissions are actually quite targeted. The nativeMessaging permission allows communication with native applications on your computer, which could potentially be misused but is likely necessary for launching applications. The low user rating is concerning and suggests the extension may not be working as expected or users have privacy concerns.
Given Google's reputation as the developer and the targeted permissions to their own services, this extension appears relatively safe to use. However, the poor user rating warrants caution. Consider reading recent reviews to understand user complaints before installing. If you decide to use it, monitor its behavior and consider running it in a separate Chrome profile if you notice any unexpected activity. The extension appears to serve its stated purpose legitimately within Google's ecosystem.
Findings
Security Analysis Details
Required Permissions:
- nativeMessaging
- offscreen
Host Permissions:
- https://docs.google.com/*
- https://drive.google.com/*
Content Security Policy:
- extension_pages: script-src 'self'; object-src 'self'
Embedded URLs (5 total):
| https://docs.google.com/offline/iframeapi | https://ssl.gstatic.com/docs/common/netcheck.gif | |
| https://docs.google.com/ | https://drive.google.com/ | |
| https://clients2.google.com/service/update2/crx |
Raw Manifest
{ "name": "__MSG_extensionName__", "icons": { "16": "images/drive-sync16.png", "64": "images/drive-sync64.png", "128": "images/drive-sync128.png", "256": "images/drive-sync256.png" }, "action": { "default_icon": { "16": "images/drive-sync16.png", "64": "images/drive-sync64.png", "128": "images/drive-sync128.png", "256": "images/drive-sync256.png" } }, "author": { "email": "drive-desktop-client-extensions@google.com" }, "version": "3.10", "background": { "service_worker": "background_compiled.js" }, "short_name": "__MSG_extensionShortName__", "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_extensionDescription__", "permissions": [ "nativeMessaging", "offscreen" ], "default_locale": "en_US", "host_permissions": [ "https://docs.google.com/*", "https://drive.google.com/*" ], "manifest_version": 3, "natively_connectable": [ "com.google.drive.nativeproxy" ], "externally_connectable": { "matches": [ "https://docs.google.com/*", "https://drive.google.com/*" ] }, "content_security_policy": { "extension_pages": "script-src 'self'; object-src 'self'" } }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.