Extension Details
Context-Aware Verdict
The extension has a decent rating of 4.3, which suggests some user satisfaction. However, critical information is missing including the number of users, developer details, and last update date, making it difficult to assess the extension's legitimacy and maintenance status. The minimal name "tiny" and lack of clear description raise additional concerns about transparency.
The extension requests an excessive combination of permissions that create significant security risks. The tabs permission combined with broad content script injection across all URLs creates a dangerous attack surface. The extension can monitor all browsing activity, manipulate any website, and potentially harvest sensitive data including login credentials and personal information. The storage permission allows it to persist collected data locally. The alarms, scripting, and windows permissions further expand its capabilities to perform automated actions and control the browser environment.
Given the high-risk permission set and lack of transparency, avoid installing this extension unless absolutely necessary. If you must use it, create a dedicated Chrome profile with minimal sensitive browsing activity. Regularly monitor the extension's behavior and remove it immediately if you notice suspicious activity. Consider finding alternative extensions with more limited permissions that accomplish the same functionality. Always verify the developer's identity and read recent reviews before installation.
Findings
Security Analysis Details
Required Permissions:
- storage
- alarms
- activeTab
- scripting
- tabs
- windows
Embedded URLs (8 total):
| https://fonts.googleapis.com/css2?family=DM+Sans:ital | https://fonts.googleapis.com/css2?family=Poppins:wght@700 | |
| http://www.w3.org/2000/svg | https://tiny-app.de/uninstall?userId= | |
| http://www.w3.org/1999/xlink | https://script.google.com/macros/s/AKfycbx7W6276rwSl6_Yeestxl6mHNgtzsOAktECuvd3A62LjtPHxtONKlMZ2OZ0MYfWKgoqQg/exec | |
| https://clients2.google.com/service/update2/crx | https://www.go-tiny.app |
Raw Manifest
{ "name": "tiny", "icons": { "16": "icons/icon16.png", "32": "icons/icon32.png", "48": "icons/icon48.png", "128": "icons/icon128.png" }, "action": { "default_icon": { "16": "icons/icon16.png", "32": "icons/icon32.png", "48": "icons/icon48.png", "128": "icons/icon128.png" }, "default_popup": "popup.html" }, "version": "1.4.2", "background": { "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Nervensystem-Regulierung durch kleine Mikro-Pausen.", "permissions": [ "storage", "alarms", "activeTab", "scripting", "tabs", "windows" ], "homepage_url": "https://www.go-tiny.app", "content_scripts": [ { "js": [ "content.js" ], "css": [ "content.css" ], "matches": [ "<all_urls>" ] } ], "manifest_version": 3, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "images/*", "trophy-card-*.html", "audio/*" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.