[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Font Picker

Version 1.0.5 View in Chrome Web Store

Last scanned: 10 months ago | force re-scan

Extension Details

Rating: 3.2 ★ (57 ratings)

Size: 358KiB

Last Updated: August 26, 2021

Users: 80,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

- The extension has a relatively high number of users (80,000), which could indicate some level of trust.

- However, the lack of developer information and a low rating (3.2/5) raise concerns about the trustworthiness of the extension.

Concerns:

- The extension has the ability to inject scripts into any website, which poses a significant privacy and security risk as it could potentially read sensitive data, modify website content, or steal credentials.

- The "activeTab" and "contextMenus" permissions allow the extension to access and modify the active tab and context menu, which could be exploited for malicious purposes.

- The use of an older manifest version (Manifest V2) indicates that the extension may not have the latest security restrictions and protections.

Recommendations:

- Exercise caution when using this extension, as it has broad permissions and the ability to inject scripts into any website, which could compromise your privacy and security.

- Consider using alternative extensions from reputable developers that have similar functionality but with more limited permissions and better security practices.

- If you decide to use this extension, it is recommended to run it in a separate Chrome profile or a sandboxed environment to minimize potential risks.

- Regularly check for updates and reviews of the extension, and uninstall it if any security concerns arise.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Medium-Risk Permission: contextMenus

This extension has the contextMenus permission. Can add items to the context menu.

MEDIUM

Older Manifest Version

This extension uses Manifest Version 2, which has fewer security restrictions than Manifest V3. Consider using extensions that have upgraded to V3.

Raw Manifest

{
  "name": "Font Picker",
  "icons": {
    "48": "icons/icon48.png",
    "128": "icons/icon128.png"
  },
  "author": "Paul Krishnamurthy",
  "version": "1.0.5",
  "background": {
    "scripts": [
      "js/background.js"
    ]
  },
  "short_name": "FP",
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "A simple helper to identify font details from any website",
  "permissions": [
    "contextMenus",
    "http://*/*",
    "https://*/*",
    "activeTab"
  ],
  "homepage_url": "https://paulkr.com/",
  "browser_action": {
    "default_icon": "icons/icon128.png",
    "default_popup": "popup.html",
    "default_title": "Font Picker"
  },
  "content_scripts": [
    {
      "js": [
        "js/jquery.min.js",
        "js/sweetalert.min.js",
        "js/content.js"
      ],
      "css": [
        "styles/sweetalert.css",
        "styles/custom.css"
      ],
      "matches": [
        "<all_urls>"
      ]
    }
  ],
  "manifest_version": 2,
  "web_accessible_resources": [
    "logo.png",
    "background.png"
  ]
}

by ✦ Astarte

Font Picker

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Embedded URLs (5 total):

Raw Manifest

Detections

Manifest Findings

https://clients2.google.com/service/update2/crx	https://paulkr.com/
https://paulkr.com	https://github.com/limonte/sweetalert2/wiki/Migration-from-SweetAlert-to-SweetAlert2#1-ie-support
https://limonte.github.io/sweetalert2/#ajax-request