Extension Details
Context-Aware Verdict
The extension has very limited trust indicators with only 1,000 users and 15 ratings, suggesting minimal adoption. The perfect 5.0 rating could indicate either genuine satisfaction or insufficient review volume. The developer website (multi-rtl.asia-digital.online) appears to be a non-standard domain, which raises questions about the developer's legitimacy and long-term commitment.
The extension exhibits several red flags that justify a critical risk assessment. The combination of identity permissions with broad host access creates a dangerous attack surface - it can access your Google identity information while simultaneously having unrestricted access to all websites you visit. The content script injection capability across all URLs means it could potentially intercept login credentials, banking information, or other sensitive data on any website. The storage permission, while seemingly benign, could be used to persist stolen data. Most concerning is that these extensive permissions appear disproportionate for what seems to be an RTL (right-to-left text) formatting tool, suggesting potential overreach or malicious intent.
Do not install this extension given the critical risk level. If RTL text support is needed, seek alternatives from established developers with transparent privacy policies and appropriate permission scopes. If you must use this extension, run it in a completely isolated Chrome profile with no access to sensitive accounts or websites, and monitor your accounts closely for any unauthorized activity.
Findings
Security Analysis Details
Required Permissions:
- storage
- activeTab
- sidePanel
- identity
- identity.email
Host Permissions:
- <all_urls>
Embedded URLs (6 total):
| https://multi-rtl.com/#guide | http://www.w3.org/2000/svg | |
| https://api.payvia.site | https://multi-rtl.com | |
| https://raw.githubusercontent.com/Asia-Digital/Multi-RTL-Configs/main/configs | https://clients2.google.com/service/update2/crx |
Raw Manifest
{ "name": "Multi-RTL", "icons": { "16": "assets/icons/icon16.png", "32": "assets/icons/icon32.png", "48": "assets/icons/icon48.png", "128": "assets/icons/icon128.png" }, "action": { "default_icon": { "16": "assets/icons/icon16.png", "32": "assets/icons/icon32.png", "48": "assets/icons/icon48.png", "128": "assets/icons/icon128.png" }, "default_title": "Multi-RTL Settings" }, "version": "6.3.1", "commands": { "rescan": { "description": "Toggle RTL/LTR direction", "suggested_key": { "mac": "Command+Shift+H", "default": "Ctrl+Shift+H" } } }, "background": { "service_worker": "src/background.js" }, "side_panel": { "default_path": "src/popup.html" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Configurable RTL support for any website - Supports Hebrew, Arabic & Persian", "permissions": [ "storage", "activeTab", "sidePanel", "identity", "identity.email" ], "content_scripts": [ { "js": [ "src/utils.js", "src/content.js" ], "css": [ "src/styles.css" ], "run_at": "document_end", "matches": [ "<all_urls>" ] } ], "host_permissions": [ "<all_urls>" ], "manifest_version": 3, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "assets/icons/icon16.png" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.