Starting analysis...
Extension Details
Developer:
keybase.io
Rating:
4.0 ★
(65 ratings)
Size:
434KiB
Last Updated:
October 8, 2018
Users:
5,000
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
MEDIUM
Risk Level
Trust Factors:
- The extension is developed by Keybase, a reputable company focused on secure messaging and file sharing.
- It has a decent number of users (5,000) and a relatively high rating (4.0/5) from 65 reviews, suggesting a level of trust from the user community.
Concerns:
- The extension requests several permissions that may be considered unnecessary or overly broad for its stated purpose, such as activeTab, contextMenus, and declarativeContent.
- The content scripts have access to various popular websites like Reddit, Twitter, Facebook, GitHub, and Hacker News, which could potentially be a privacy concern if the extension is not handling user data securely.
- The extension is still using the older Manifest Version 2, which has fewer security restrictions compared to the newer Manifest Version 3.
Recommendations:
- Review the extension's privacy policy and terms of service to understand how user data is handled and what the extension's capabilities are.
- Consider running the extension in a separate Chrome profile or a dedicated browser instance to isolate it from your main browsing activities.
- Monitor the extension's behavior and network activity for any suspicious or unexpected actions.
- Keep an eye on updates from the developer and the extension's reviews to stay informed about any potential issues or concerns raised by the community.
- If you have concerns about the extension's permissions or behavior, consider uninstalling it or using an alternative solution that better aligns with your security and privacy requirements.
Security Analysis
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
MEDIUM
Overall Risk
Based on 4 total findings, ranked without considering overall context, including 0 high-risk and 4 medium-risk findings.
MEDIUM
Medium-Risk Permission: activeTab
This extension has the activeTab permission. Can access the active tab when clicking the extension icon.
MEDIUM
Medium-Risk Permission: contextMenus
This extension has the contextMenus permission. Can add items to the context menu.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
MEDIUM
Older Manifest Version
This extension uses Manifest Version 2, which has fewer security restrictions than Manifest V3. Consider using extensions that have upgraded to V3.
Security Analysis Details
Required Permissions:
- activeTab
- contextMenus
- declarativeContent
- nativeMessaging
- storage
Embedded URLs (329 total):
| https://developer.chrome.com/extensions/declarativeContent | https://keybase.io/ | |
| https://www.reddit.com/user/ | https://twitter.com/ | |
| https://facebook.com/ | https://github.com/ | |
| https://news.ycombinator.com/user?id= | https://www.owasp.org/index.php/XSS_ | |
| https://keybase.io/docs/extension | https://developer.chrome.com/extensions/examples/api/pageAction/pageaction_by_url/background.js | |
| http://www.w3.org/2000/svg | http://www.w3.org/1999/xlink | |
| http://www.w3.org/1999/xhtml | https://github.com/patrick-steele-idem/morphdom/issues/32 | |
| https://html.spec.whatwg.org/multipage/infrastructure.html#boolean-attributes | https://keybase.io/reddit-crypto | |
| https://keybase.io/download | https://reddit.com/ | |
| https://www.facebook.com/ | https://news.ycombinator.com/user | |
| https://stedolan.github.io/jq/download | https://keybase.io/joshblum | |
| https://www.reddit.com/user/joshblum | https://news.ycombinator.com/user?id=josh_blum | |
| https://github.com/joshblum | https://twitter.com/blumua | |
| https://www.facebook.com/ccoyne77 | https://www.reddit.com/prefs | |
| https://registry.yarnpkg.com/abbrev/-/abbrev-1.1.1.tgz#f8f2c887ad10bf67f634f005b6987fed3179aac8 | https://registry.yarnpkg.com/acorn-dynamic-import/-/acorn-dynamic-import-2.0.2.tgz#c752bd210bef679501b6c6cb7fc84f8f47158cc4 | |
| https://registry.yarnpkg.com/acorn/-/acorn-4.0.13.tgz#105495ae5361d697bd195c825192e1ad7f253787 | https://registry.yarnpkg.com/acorn/-/acorn-5.3.0.tgz#7446d39459c54fb49a80e6ee6478149b940ec822 | |
| https://registry.yarnpkg.com/ajv-keywords/-/ajv-keywords-1.5.1.tgz#314dd0a4b3368fad3dfcdc54ede6171b886daf3c | https://registry.yarnpkg.com/ajv/-/ajv-4.11.8.tgz#82ffb02b29e662ae53bdc20af15947706739c536 | |
| https://registry.yarnpkg.com/align-text/-/align-text-0.1.4.tgz#0cd90a561093f35d0a99256c22b7069433fad117 | https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-2.1.1.tgz#c3b33ab5ee360d86e0e628f0468ae7ef27d654df | |
| https://registry.yarnpkg.com/anymatch/-/anymatch-1.3.2.tgz#553dcb8f91e3c889845dfdba34c77721b90b9d7a | https://registry.yarnpkg.com/aproba/-/aproba-1.2.0.tgz#6802e6264efd18c790a1b0d517f0f2627bf2c94a | |
| https://registry.yarnpkg.com/are-we-there-yet/-/are-we-there-yet-1.1.4.tgz#bb5dca382bb94f05e15194373d16fd3ba1ca110d | https://registry.yarnpkg.com/arr-diff/-/arr-diff-2.0.0.tgz#8f3b827f955a8bd669697e4a4256ac3ceae356cf | |
| https://registry.yarnpkg.com/arr-flatten/-/arr-flatten-1.1.0.tgz#36048bbff4e7b47e136644316c99669ea5ae91f1 | https://registry.yarnpkg.com/array-unique/-/array-unique-0.2.1.tgz#a1d97ccafcbc2625cc70fadceb36a50c58b01a53 | |
| https://registry.yarnpkg.com/asn1.js/-/asn1.js-4.9.2.tgz#8117ef4f7ed87cd8f89044b5bff97ac243a16c9a | https://registry.yarnpkg.com/asn1/-/asn1-0.2.3.tgz#dac8787713c9966849fc8180777ebe9c1ddf3b86 | |
| https://registry.yarnpkg.com/assert-plus/-/assert-plus-1.0.0.tgz#f12e0f3c5d77b0b1cdd9146942e4e96c1e4dd525 | https://registry.yarnpkg.com/assert-plus/-/assert-plus-0.2.0.tgz#d74e1b87e7affc0db8aadb7021f3fe48101ab234 | |
| https://registry.yarnpkg.com/assert/-/assert-1.4.1.tgz#99912d591836b5a6f5b345c0f07eefc08fc65d91 | https://registry.yarnpkg.com/async-each/-/async-each-1.0.1.tgz#19d386a1d9edc6e7c1c85d388aedbcc56d33602d | |
| https://registry.yarnpkg.com/async/-/async-2.6.0.tgz#61a29abb6fcc026fea77e56d1c6ec53a795951f4 | https://registry.yarnpkg.com/asynckit/-/asynckit-0.4.0.tgz#c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79 | |
| https://registry.yarnpkg.com/aws-sign2/-/aws-sign2-0.6.0.tgz#14342dd38dbcc94d0e5b87d763cd63612c0e794f | https://registry.yarnpkg.com/aws4/-/aws4-1.6.0.tgz#83ef5ca860b2b32e4a0deedee8c771b9db57471e | |
| https://registry.yarnpkg.com/balanced-match/-/balanced-match-1.0.0.tgz#89b4d199ab2bee49de164ea02b89ce462d71b767 | https://registry.yarnpkg.com/base64-js/-/base64-js-1.2.1.tgz#a91947da1f4a516ea38e5b4ec0ec3773675e0886 | |
| https://registry.yarnpkg.com/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.1.tgz#63bc5dcb61331b92bc05fd528953c33462a06f8d | https://registry.yarnpkg.com/bel/-/bel-5.1.5.tgz#99d9381ce8503b120702e920e23daf515a6cba53 | |
| https://registry.yarnpkg.com/big.js/-/big.js-3.2.0.tgz#a5fc298b81b9e0dca2e458824784b65c52ba588e | https://registry.yarnpkg.com/binary-extensions/-/binary-extensions-1.11.0.tgz#46aa1751fb6a2f93ee5e689bb1087d4b14c6c205 | |
| https://registry.yarnpkg.com/block-stream/-/block-stream-0.0.9.tgz#13ebfe778a03205cfe03751481ebb4b3300c126a | https://registry.yarnpkg.com/bn.js/-/bn.js-4.11.8.tgz#2cde09eb5ee341f484746bb0309b3253b1b1442f | |
| https://registry.yarnpkg.com/boom/-/boom-2.10.1.tgz#39c8918ceff5799f83f9492a848f625add0c766f | https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-1.1.8.tgz#c07b211c7c952ec1f8efd51a77ef0d1d3990a292 | |
| https://registry.yarnpkg.com/braces/-/braces-1.8.5.tgz#ba77962e12dff969d6b76711e914b737857bf6a7 | https://registry.yarnpkg.com/brorand/-/brorand-1.1.0.tgz#12c25efe40a45e3c323eb8675a0a0ce57b22371f | |
| https://registry.yarnpkg.com/browserify-aes/-/browserify-aes-1.1.1.tgz#38b7ab55edb806ff2dcda1a7f1620773a477c49f | https://registry.yarnpkg.com/browserify-cipher/-/browserify-cipher-1.0.0.tgz#9988244874bf5ed4e28da95666dcd66ac8fc363a | |
| https://registry.yarnpkg.com/browserify-des/-/browserify-des-1.0.0.tgz#daa277717470922ed2fe18594118a175439721dd | https://registry.yarnpkg.com/browserify-rsa/-/browserify-rsa-4.0.1.tgz#21e0abfaf6f2029cf2fafb133567a701d4135524 | |
| https://registry.yarnpkg.com/browserify-sign/-/browserify-sign-4.0.4.tgz#aa4eb68e5d7b658baa6bf6a57e630cbd7a93d298 | https://registry.yarnpkg.com/browserify-zlib/-/browserify-zlib-0.2.0.tgz#2869459d9aa3be245fe8fe2ca1f46e2e7f54d73f | |
| https://registry.yarnpkg.com/buffer-xor/-/buffer-xor-1.0.3.tgz#26e61ed1422fb70dd42e6e36729ed51d855fe8d9 | https://registry.yarnpkg.com/buffer/-/buffer-4.9.1.tgz#6d1bb601b07a4efced97094132093027c95bc298 | |
| https://registry.yarnpkg.com/builtin-modules/-/builtin-modules-1.1.1.tgz#270f076c5a72c02f5b65a47df94c5fe3a278892f | https://registry.yarnpkg.com/builtin-status-codes/-/builtin-status-codes-3.0.0.tgz#85982878e21b98e1c66425e03d0174788f569ee8 | |
| https://registry.yarnpkg.com/camelcase/-/camelcase-1.2.1.tgz#9bb5304d2e0b56698b2c758b08a3eaa9daa58a39 | https://registry.yarnpkg.com/camelcase/-/camelcase-3.0.0.tgz#32fc4b9fcdaf845fcdf7e73bb97cac2261f0ab0a | |
| https://registry.yarnpkg.com/caseless/-/caseless-0.12.0.tgz#1b681c21ff84033c826543090689420d187151dc | https://registry.yarnpkg.com/center-align/-/center-align-0.1.3.tgz#aa0d32629b6ee972200411cbd4461c907bc2b7ad | |
| https://registry.yarnpkg.com/chokidar/-/chokidar-1.7.0.tgz#798e689778151c8076b4b360e5edd28cda2bb468 | https://registry.yarnpkg.com/cipher-base/-/cipher-base-1.0.4.tgz#8760e4ecc272f4c363532f926d874aae2c1397de |
Page 1 of 5
Raw Manifest
{ "name": "Keybase", "icons": { "48": "images/icon-keybase-logo-48.png", "128": "images/icon-keybase-logo-128.png" }, "version": "1.10.16", "background": { "scripts": [ "js/identities.js", "js/background.js" ] }, "options_ui": { "page": "html/options.html", "chrome_style": true }, "short_name": "Keybase", "update_url": "https://clients2.google.com/service/update2/crx", "description": "A secure chat button for every profile.", "permissions": [ "activeTab", "contextMenus", "declarativeContent", "nativeMessaging", "storage" ], "browser_action": { "default_icon": "images/icon-keybase-logo-logged-out-64.png", "default_popup": "html/popup.html", "default_title": "Keybase Chat" }, "content_scripts": [ { "js": [ "js/bundle.js", "js/identities.js", "js/inject.js", "js/content.js" ], "css": [ "css/fonts.css", "css/style.css" ], "run_at": "document_end", "matches": [ "https://reddit.com/*", "https://*.reddit.com/*", "https://twitter.com/*", "https://www.facebook.com/*", "https://github.com/*", "https://news.ycombinator.com/user*", "https://keybase.io/*" ] } ], "manifest_version": 2, "web_accessible_resources": [ "images/*", "fonts/*" ] }
Secure Annex (beta)
Coming soon...