Extension Details
Context-Aware Verdict
The extension has extremely limited adoption with only 13 users and appears to be newly released, making it difficult to establish trust through community validation. While it maintains a perfect 5.0 rating, this is based on an insufficient sample size to be meaningful. The developer domain "notebook-hub.com" lacks established reputation in the extension ecosystem, and the absence of detailed developer information raises transparency concerns.
Key Concerns:
The extension requests unnecessarily broad permissions for what appears to be a NotebookLM enhancement tool. The tabs permission allows comprehensive browser tab manipulation and information access, which seems excessive for a notebook utility. Host permissions span multiple sensitive domains including Google accounts and YouTube, creating potential attack vectors. The localhost permission (port 27123) suggests local server communication, which could bypass browser security measures. The combination of broad host access with powerful tab manipulation capabilities creates significant privacy and security risks.
Given the high-risk profile and minimal user base, consider running this extension in a separate Chrome profile to isolate potential damage. Carefully evaluate whether the extension's functionality justifies the extensive permissions requested. Monitor the extension's behavior closely and consider alternatives with more established track records. If you must use it, regularly review what data it might be accessing and consider removing it when not actively needed. Wait for broader community adoption and reviews before trusting it with sensitive workflows.
Findings
Security Analysis Details
Required Permissions:
- storage
- sidePanel
- scripting
- tabs
- activeTab
Host Permissions:
- https://notebooklm.google.com/*
- https://accounts.google.com/*
- https://www.youtube.com/*
- http://localhost:27123/*
Embedded URLs (32 total):
| https://clients2.google.com/service/update2/crx | https://www.youtube.com/ | |
| https://notebooklm.google.com/ | https://accounts.google.com/ | |
| https://example.com/article1 | https://example.com/article2 | |
| https://notebooklm.google.com | https://youtu.be/ | |
| https://www.youtube.com | http://www.w3.org/2000/svg | |
| http://www.phpied.com/rgb-color-parser-in-javascript/ | http://www.myersdaily.org/joseph/javascript/md5.js | |
| http://www.fpdf.org/en/script/script37.php | http://opensource.org/licenses/mit-license | |
| https://www.cs.cmu.edu/~dst/Adobe/Gallery/anon21jul01-pdf-encryption.txt | https://github.com/foliojs/pdfkit/blob/master/lib/security.js | |
| https://cdnjs.cloudflare.com/ajax/libs/pdfobject/2.1.1/pdfobject.min.js | http://www.w3.org/1999/02/22-rdf-syntax-ns# | |
| http://jspdf.default.namespaceuri/ | https://html2canvas.hertzen.com | |
| https://hertzen.com | https://github.com/zloirock/core-js/blob/v3.49.0/LICENSE | |
| https://github.com/zloirock/core-js | https://accounts.google.com/ListAccounts?json=standard&source=ogb&md=1&cc=1&mn=1&mo=1&gpsia=1&fwput=860&listPages=1&origin=https%3A%2F%2Fwww.google.com | |
| https://accounts.google.com/ServiceLogin | http://www.w3.org/1998/Math/MathML | |
| http://www.w3.org/1999/xhtml | https://api.notion.com/v1 | |
| https://reactjs.org/docs/error-decoder.html?invariant= | http://www.w3.org/1999/xlink | |
| http://www.w3.org/XML/1998/namespace | https://github.com/pmndrs/zustand/discussions/1937 |
Raw Manifest
{ "name": "__MSG_extensionName__", "icons": { "16": "icons/icon16.png", "32": "icons/icon32.png", "48": "icons/icon48.png", "128": "icons/icon128.png" }, "action": { "default_icon": { "16": "icons/icon16.png", "32": "icons/icon32.png", "48": "icons/icon48.png", "128": "icons/icon128.png" }, "default_title": "NotebookLM Hub" }, "author": { "email": "dev@notebooklm-hub.example" }, "version": "0.1.3", "background": { "type": "module", "service_worker": "service-worker-loader.js" }, "options_ui": { "page": "src/options/index.html", "open_in_tab": true }, "side_panel": { "default_path": "src/sidepanel/index.html" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_extensionDescription__", "permissions": [ "storage", "sidePanel", "scripting", "tabs", "activeTab" ], "default_locale": "en", "content_scripts": [ { "js": [ "assets/index.tsx-loader-DQFuX25U.js" ], "css": [], "run_at": "document_idle", "matches": [ "https://www.youtube.com/*" ] } ], "host_permissions": [ "https://notebooklm.google.com/*", "https://accounts.google.com/*", "https://www.youtube.com/*", "http://localhost:27123/*" ], "manifest_version": 3, "minimum_chrome_version": "114", "web_accessible_resources": [ { "matches": [ "https://www.youtube.com/*" ], "resources": [ "icons/*", "assets/messages-DnUvqtdC.js", "assets/index.tsx-COondaBY.js" ], "use_dynamic_url": false } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.