Starting analysis...
Extension Details
Rating:
3.2 ★
(57 ratings)
Size:
358KiB
Last Updated:
August 26, 2021
Users:
80,000
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
HIGH
Risk Level
Trust Factors:
- The extension has a relatively high number of users (80,000), which could indicate some level of trust.
- However, the lack of developer information and a low rating (3.2/5) raise concerns about the trustworthiness of the extension.
Concerns:
- The extension has the ability to inject scripts into any website, which poses a significant privacy and security risk as it could potentially read sensitive data, modify website content, or steal credentials.
- The "activeTab" and "contextMenus" permissions allow the extension to access and modify the active tab and context menu, which could be exploited for malicious purposes.
- The use of an older manifest version (Manifest V2) indicates that the extension may not have the latest security restrictions and protections.
Recommendations:
- Exercise caution when using this extension, as it has broad permissions and the ability to inject scripts into any website, which could compromise your privacy and security.
- Consider using alternative extensions from reputable developers that have similar functionality but with more limited permissions and better security practices.
- If you decide to use this extension, it is recommended to run it in a separate Chrome profile or a sandboxed environment to minimize potential risks.
- Regularly check for updates and reviews of the extension, and uninstall it if any security concerns arise.
Security Analysis
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
MEDIUM
Overall Risk
Based on 4 total findings, ranked without considering overall context, including 1 high-risk and 3 medium-risk findings.
HIGH
Broad Content Script Injection
This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.
MEDIUM
Medium-Risk Permission: activeTab
This extension has the activeTab permission. Can access the active tab when clicking the extension icon.
MEDIUM
Medium-Risk Permission: contextMenus
This extension has the contextMenus permission. Can add items to the context menu.
MEDIUM
Older Manifest Version
This extension uses Manifest Version 2, which has fewer security restrictions than Manifest V3. Consider using extensions that have upgraded to V3.
Security Analysis Details
Required Permissions:
- contextMenus
- http://*/*
- https://*/*
- activeTab
Embedded URLs (5 total):
| https://clients2.google.com/service/update2/crx | https://paulkr.com/ | |
| https://paulkr.com | https://github.com/limonte/sweetalert2/wiki/Migration-from-SweetAlert-to-SweetAlert2#1-ie-support | |
| https://limonte.github.io/sweetalert2/#ajax-request |
Raw Manifest
{ "name": "Font Picker", "icons": { "48": "icons/icon48.png", "128": "icons/icon128.png" }, "author": "Paul Krishnamurthy", "version": "1.0.5", "background": { "scripts": [ "js/background.js" ] }, "short_name": "FP", "update_url": "https://clients2.google.com/service/update2/crx", "description": "A simple helper to identify font details from any website", "permissions": [ "contextMenus", "http://*/*", "https://*/*", "activeTab" ], "homepage_url": "https://paulkr.com/", "browser_action": { "default_icon": "icons/icon128.png", "default_popup": "popup.html", "default_title": "Font Picker" }, "content_scripts": [ { "js": [ "js/jquery.min.js", "js/sweetalert.min.js", "js/content.js" ], "css": [ "styles/sweetalert.css", "styles/custom.css" ], "matches": [ "<all_urls>" ] } ], "manifest_version": 2, "web_accessible_resources": [ "logo.png", "background.png" ] }
Secure Annex (beta)
Coming soon...