[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Tab Copy

Version 4.1.1 View in Chrome Web Store

Last scanned: about 9 hours ago

Extension Details

Developer: tabcopy.com

Rating: 4.7 ★ (660 ratings)

Users: 100,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has a solid user base of 100,000 users and maintains a strong 4.7-star rating from 660 reviews, indicating general user satisfaction. The developer operates under the domain tabcopy.com, suggesting a dedicated service. The extension uses Manifest V3, which provides better security controls than older versions.

Concerns:

The primary concern is the combination of tabs and clipboardWrite permissions, which creates significant privacy and security risks. The tabs permission allows the extension to access information from all browser tabs, including URLs, titles, and potentially sensitive data. Combined with clipboardWrite capability, this could enable the extension to copy sensitive information from tabs directly to the clipboard without user awareness. While these permissions align with the extension's stated purpose of copying tab information, they represent a broad attack surface that could be exploited if the extension is compromised or acts maliciously.

Recommendations:

Consider running this extension in a separate Chrome profile dedicated to non-sensitive browsing activities. Regularly review what information you're copying and be cautious when using it on tabs containing sensitive data like banking or personal information. Monitor the extension's behavior and disable it when not actively needed. Given the legitimate use case but high-risk permissions, users should weigh the convenience against the potential privacy implications of granting such broad access to tab information and clipboard control.

Findings

HIGH

High-Risk Permission: clipboardWrite

This extension has the clipboardWrite permission. Can modify clipboard content. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: contextMenus

This extension has the contextMenus permission. Can add items to the context menu.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Security Analysis Details

Required Permissions:

tabs
storage
contextMenus
offscreen
clipboardWrite

Optional Permissions:

notifications

Content Security Policy:

extension_pages: script-src 'self'; object-src 'self'

Embedded URLs (25 total):

https://github.com/hansifer	https://creativecommons.org/licenses/by-nc-nd/4.0/legalcode
https://clients2.google.com/service/update2/crx	http://www.w3.org/2000/svg
https://www.example.com/	https://example.com/search?q=kittens
http://example.com/folder/doc.html#fragment	https://tabcopy.com/
https://tabcopy.com/favicon.ico	https://sessionbuddy.com/
https://sessionbuddy.com/wp-content/uploads/2024/03/logo-128-60x60.png	https://tabcopy.com/docs
https://github.com/hansifer/tab-copy	https://chromewebstore.google.com/detail/tab-copy/micdllihgoppmejpecmkilggmaagfdmb/reviews
https://tabcopy.com/donate	https://reactjs.org/docs/error-decoder.html?invariant=
http://www.w3.org/1999/xlink	http://www.w3.org/XML/1998/namespace
http://www.w3.org/1998/Math/MathML	http://www.w3.org/1999/xhtml
https://example.com	https://tabcopy.com/docs/one-click-copy
https://tabcopy.com/docs/options#show-tab-counts	https://tabcopy.com/releases/4-1-0
https://tabcopy.com/releases

Raw Manifest

{
  "name": "Tab Copy",
  "icons": {
    "16": "img/logo-16.png",
    "32": "img/logo-32.png",
    "48": "img/logo-48.png",
    "128": "img/logo-128.png"
  },
  "action": {
    "default_icon": "img/logo-48.png",
    "default_popup": "popup.html"
  },
  "version": "4.1.1",
  "commands": {
    "3copy-all-tabs": {
      "description": "Copy all tabs"
    },
    "2copy-window-tabs": {
      "description": "Copy window tabs"
    },
    "1copy-highlighted-tabs": {
      "description": "Copy selected tabs"
    },
    "4copy-all-windows-and-tabs": {
      "description": "Copy all tabs by window"
    }
  },
  "background": {
    "type": "module",
    "service_worker": "service-worker-loader.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Quickly copy tabs to the clipboard in a variety of formats",
  "permissions": [
    "tabs",
    "storage",
    "contextMenus",
    "offscreen",
    "clipboardWrite"
  ],
  "options_page": "options.html",
  "manifest_version": 3,
  "optional_permissions": [
    "notifications"
  ],
  "minimum_chrome_version": "116",
  "content_security_policy": {
    "extension_pages": "script-src 'self'; object-src 'self'"
  }
}

by ✦ Astarte

Tab Copy

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Optional Permissions:

Content Security Policy:

Embedded URLs (25 total):

Raw Manifest

Detections

Manifest Findings