Extension Details
Context-Aware Verdict
The extension has a moderate user base of 60,000 users and a decent rating of 4.2/5, suggesting some level of user satisfaction. However, the lack of developer information and company details raises transparency concerns. The extension's purpose - enabling copy functionality on websites that normally restrict it - is legitimate and addresses a common user need.
The extension's permission set is extremely broad and excessive for its stated functionality. The combination of tabs permission, universal host permissions (*://*/*), and content script injection across all URLs creates a powerful surveillance and data collection capability. The gcm (Google Cloud Messaging) permission is particularly concerning as it enables remote communication that could be used for data exfiltration. For a simple copy-enabling tool, these permissions represent significant overreach that could allow the extension to monitor all browsing activity, access sensitive data on any website, and potentially steal credentials or personal information.
Given the high risk profile, consider running this extension in a separate Chrome profile isolated from sensitive browsing activities. Before installation, evaluate if the copy functionality is truly necessary for your workflow. Alternative solutions include using browser developer tools to temporarily disable copy restrictions, or seeking extensions with more limited permissions that achieve the same goal. If you must use this extension, regularly audit your browsing data and consider using it only on non-sensitive websites.
Findings
Security Analysis Details
Required Permissions:
- tabs
- storage
- scripting
- notifications
- gcm
Host Permissions:
- *://*/*
Embedded URLs (9 total):
| https://reactjs.org/docs/error-decoder.html?invariant= | http://www.w3.org/1999/xlink | |
| http://www.w3.org/XML/1998/namespace | http://www.w3.org/1999/xhtml | |
| http://www.w3.org/1998/Math/MathML | http://www.w3.org/2000/svg | |
| https://reactjs.org/link/react-polyfills | https://enablecopy.fontguesser.com | |
| https://clients2.google.com/service/update2/crx |
Raw Manifest
{ "name": "__MSG_appTitle__", "icons": { "16": "green icon 16.png", "48": "Green 64.png", "128": "Green 128.png" }, "action": { "default_icon": "Green 128.png", "default_popup": "popup.html", "default_title": "__MSG_appTitle__" }, "version": "1.1.0", "background": { "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_appDesc__", "permissions": [ "tabs", "storage", "scripting", "notifications", "gcm" ], "options_page": "options.html", "default_locale": "en", "content_scripts": [ { "js": [ "contentScript.js" ], "run_at": "document_start", "matches": [ "<all_urls>" ], "all_frames": true, "exclude_globs": [ "*://*.google.com/*" ] } ], "host_permissions": [ "*://*/*" ], "manifest_version": 3 }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.