Platstack: The Save button for the internet
Version 4.5.7 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has a perfect 5.0 rating but with only 14 reviews, which is a very small sample size. With just 2,000 users, this is a relatively unknown extension. The developer is listed as "Platstack, LLC" which suggests a business entity, though no additional developer information is provided. The extension appears to be a bookmarking/saving tool based on its name and description.
The extension requests extremely broad permissions that seem excessive for a simple "save button" functionality. The combination of tabs permission, universal host permissions, and content script injection across all websites creates a powerful surveillance capability. These permissions would allow the extension to monitor all browsing activity, access sensitive data on banking sites, read private communications, and potentially steal credentials from any website visited. For a bookmarking tool, such extensive access is unnecessary and concerning.
Given the high-risk permissions and limited user base, consider running this extension in a separate Chrome profile if you must use it. This isolates it from your main browsing data and other extensions. Alternatively, look for established bookmarking alternatives like Pocket, Raindrop.io, or built-in browser bookmarking features that don't require such invasive permissions. Before installing, carefully evaluate whether the functionality truly requires access to all websites, as legitimate bookmarking tools typically only need permission when explicitly saving content.
Findings
Security Analysis Details
Required Permissions:
- tabs
- scripting
- contextMenus
Host Permissions:
- <all_urls>
Embedded URLs (737 total):
| https://www.platstack.com | https://www.platstack.com/users/platstack | |
| https://github.com/DavidBruant/Map-Set.prototype.toJSON | https://github.com/zloirock/core-js/issues/86#issuecomment-115759028 | |
| http://jsperf.lnkit.com/fast-apply/5 | https://github.com/zloirock/core-js/issues/339 | |
| https://tc39.github.io/proposal-setmap-offrom/ | https://bugs.chromium.org/p/chromium/issues/detail?id=830565 | |
| https://github.com/zloirock/core-js/issues/173 | https://code.google.com/p/v8/issues/detail?id=687 | |
| https://bugs.chromium.org/p/v8/issues/detail?id=3443 | https://github.com/tc39/proposal-promise-finally | |
| https://github.com/tc39/proposal-promise-try | https://tc39.github.io/proposal-setmap-offrom/#sec-set.from | |
| https://tc39.github.io/proposal-setmap-offrom/#sec-set.of | https://github.com/date-fns/date-fns/blob/master/src/format/index.js#L31 | |
| https://github.com/garycourt/murmurhash-js | https://github.com/aappleby/smhasher/blob/61a0530f28277f2e850bfc39600ce61d02b518de/src/MurmurHash2.cpp#L37-L86 | |
| https://esbench.com/bench/5bfee68a4cd7e6009ef61d23 | https://github.com/emotion-js/emotion/tree/main/packages/react | |
| https://github.com/emotion-js/emotion/issues/2675 | https://caniuse.com/?search=globalThis | |
| https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Template_literals#ES2018_revision_of_illegal_escape_sequences | https://esbench.com/bench/5b809c2cf2949800a0f61fb5 | |
| https://mui.com/base-ui/react-click-away-listener/ | https://mui.com/base-ui/react-click-away-listener/components-api/#click-away-listener | |
| https://github.com/facebook/react/issues/20074 | https://github.com/DieterHolvoet/event-propagation-path/blob/master/propagationPath.js | |
| https://github.com/focus-trap/tabbable | https://bugs.chromium.org/p/chromium/issues/detail?id=661108&q=contenteditable%20tabindex&can=2 | |
| https://mui.com/base-ui/react-focus-trap/ | https://mui.com/base-ui/react-focus-trap/components-api/#focus-trap | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=559561. | https://html.spec.whatwg.org/multipage/interaction.html#focus-fixup-rule. | |
| https://popper.js.org/docs/v2/ | https://mui.com/base-ui/react-popper/ | |
| https://mui.com/base-ui/react-popper/components-api/#popper | https://popper.js.org/docs/v2/virtual-elements/ | |
| https://popper.js.org/docs/v2/modifiers/ | https://popper.js.org/docs/v2/constructors/#options | |
| https://mui.com/base-ui/react-portal/ | https://mui.com/base-ui/react-portal/components-api/#portal | |
| https://mui.com/base-ui/react-textarea-autosize/ | https://mui.com/material-ui/react-textarea-autosize/ | |
| https://mui.com/base-ui/react-textarea-autosize/components-api/#textarea-autosize | https://github.com/facebook/react/issues/24331 | |
| https://github.com/WICG/resize-observer/issues/38 | https://github.com/mui/mui-x/issues/8733 | |
| https://www.w3.org/TR/html-aria/#docconformance | https://css-tricks.com/snippets/css/force-vertical-scrollbar/ | |
| https://mui.com/base-ui/react-modal/#hook | https://mui.com/base-ui/react-modal/hooks-api/#use-modal | |
| https://stackoverflow.com/questions/990904/remove-accents-diacritics-in-a-string-in-javascript | https://www.w3.org/WAI/content-assets/wai-aria-practices/patterns/combobox/examples/js/select-only.js | |
| https://github.com/mui/material-ui/pull/33205 | https://developer.mozilla.org/en-US/docs/Web/HTML/Element/img#attributes | |
| https://mui.com/material-ui/customization/palette/#custom-colors | https://github.com/facebook/react/issues/7769 | |
| https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/repeat | https://codesandbox.io/p/sandbox/button-keyup-preventdefault-dn7f0 | |
| https://drafts.csswg.org/selectors-4/#the-focus-visible-pseudo | https://github.com/WICG/focus-visible/blob/HEAD/explainer.md | |
| https://github.com/WICG/focus-visible | https://github.com/reactjs/react-transition-group | |
| http://reactcommunity.org/react-transition-group/transition/ | https://github.com/cssinjs/jss/issues/242 | |
| https://github.com/mui/material-ui/issues/31766 | https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#autofill | |
| https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input#Attributes | https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input#Form_%3Cinput%3E_types | |
| https://getbootstrap.com/docs/4.3/layout/grid/ | https://github.com/kristoferjoseph/flexboxgrid/blob/master/src/css/flexboxgrid.css | |
| https://github.com/roylee0704/react-flexbox-grid | https://material.angularjs.org/latest/layout/introduction | |
| https://css-tricks.com/snippets/css/a-guide-to-flexbox/ | https://github.com/twbs/bootstrap/blob/8fccaa2439e97ec72a4b7dc42ccc1f649790adb0/scss/mixins/_grid.scss#L41 | |
| https://mui.com/r/input-component-ref-interface | https://facebook.github.io/react/docs/forms.html#controlled-components | |
| https://m2.material.io/components/menus#specs | https://www.w3.org/WAI/ARIA/apg/patterns/menu-button/. |
Raw Manifest
{ "name": "__MSG_extensionName__", "icons": { "16": "images/logo_16.png", "32": "images/logo_32.png", "48": "images/logo_48.png", "128": "images/logo_128.png" }, "action": {}, "author": "Platstack, LLC", "version": "4.5.7", "commands": { "_execute_action": { "suggested_key": { "mac": "Command+Shift+P", "default": "Ctrl+Shift+P" } } }, "background": { "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_extensionDescription__", "permissions": [ "tabs", "scripting", "contextMenus" ], "default_locale": "en", "content_scripts": [ { "js": [ "content.js" ], "matches": [ "<all_urls>" ] } ], "host_permissions": [ "<all_urls>" ], "manifest_version": 3, "externally_connectable": { "matches": [ "https://platstack.com/*", "https://www.platstack.com/*", "https://dev.platstack.com/*", "http://localhost:3000/*", "https://platstack-frontend-staging.herokuapp.com/*" ] }, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "/images/*", "/animations/*" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.