[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Mouse Pinch-To-Zoom

Version 2.5.1 View in Chrome Web Store

Last scanned: about 7 hours ago

Extension Details

Rating: 4.8 ★ (246 ratings)

Users: 10,000

Context-Aware Verdict

MEDIUM

Overall Risk

Trust Factors:

The extension has a solid user base of 10,000 users with an excellent 4.8-star rating from 246 reviews, indicating positive user experiences. The functionality appears legitimate for a pinch-to-zoom tool that would need to interact with web pages to provide zoom capabilities. The use of Manifest V3 shows the developer is keeping up with modern Chrome extension standards.

Concerns:

The primary concern is the broad content script injection across all URLs, which grants the extension access to read and modify content on every website you visit. While this capability is likely necessary for implementing zoom functionality, it creates significant potential for data access. The storage permission allows the extension to save data locally, and the notifications permission enables it to display system notifications, both of which are relatively standard but worth noting.

Recommendations:

Given the medium risk level, consider running this extension in a separate Chrome profile if you frequently handle sensitive information online. Before installing, verify that the zoom functionality truly requires access to all websites rather than being limited to specific sites. Monitor the extension's behavior after installation and be cautious about any unexpected notifications or changes to website behavior. Consider whether built-in browser zoom features or more limited alternatives might meet your needs with less broad access requirements.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

MEDIUM

Medium-Risk Permission: notifications

This extension has the notifications permission. Can show notifications.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Raw Manifest

{
  "name": "Mouse Pinch-To-Zoom",
  "icons": {
    "16": "icons/icon16.png",
    "32": "icons/icon32.png",
    "48": "icons/icon48.png",
    "128": "icons/icon128.png"
  },
  "action": {
    "default_popup": "options/options.html"
  },
  "version": "2.5.1",
  "background": {
    "service_worker": "background.js"
  },
  "options_ui": {
    "page": "options/options.html",
    "open_in_tab": false
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Zoom in on a specific part of the website, like you would with a touchpad gesture!",
  "permissions": [
    "storage",
    "notifications"
  ],
  "content_scripts": [
    {
      "js": [
        "content/prep.js"
      ],
      "run_at": "document_start",
      "matches": [
        "<all_urls>"
      ],
      "all_frames": true
    },
    {
      "js": [
        "content/handlers.js",
        "content/configure.js",
        "content/iframe.js",
        "content/scale.js",
        "content/absolute.js"
      ],
      "run_at": "document_end",
      "matches": [
        "<all_urls>"
      ],
      "all_frames": true
    }
  ],
  "manifest_version": 3
}

by ✦ Astarte

https://clients2.google.com/service/update2/crx	https://www.buymeacoffee.com/nizioleque
https://chrome.google.com/webstore/detail/mouse-pinch-to-zoom/pffiadlahfhoniddbipeiiohjnlongfi/reviews	https://chrome.google.com/webstore/detail/pffiadlahfhoniddbipeiiohjnlongfi
https://addons.mozilla.org/en-US/firefox/addon/mouse-pinch-to-zoom/	https://user-images.githubusercontent.com/92390086/168915530-35dbd0d9-104e-417d-9d7e-2bfcdafd5893.mp4
https://www.google.com/search?q=cute+kittens&tbm=isch

Mouse Pinch-To-Zoom

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Embedded URLs (7 total):

Raw Manifest

Detections

Manifest Findings