Extension Details
Context-Aware Verdict
The extension has a strong user base of 70,000 users and an excellent rating of 4.9 stars from 231 reviews, suggesting legitimate functionality for HWP document viewing and editing. However, the lack of visible developer information raises transparency concerns. The high rating indicates users find value in the extension's core functionality.
The extension's permission set is extremely broad and concerning for a document viewer. The combination of <all_urls> host permissions with content script injection creates a powerful surveillance capability across all websites. The downloads permission could facilitate data exfiltration, while clipboardWrite enables manipulation of copied content. Most alarming is the 'wasm-unsafe-eval' CSP directive, which allows execution of potentially obfuscated malicious code through WebAssembly. These permissions far exceed what's necessary for document viewing functionality and create multiple attack vectors.
Given the critical risk level, avoid installing this extension on your primary browser profile. If you must use it for HWP document functionality, create a dedicated Chrome profile with no sensitive browsing activity or stored credentials. Consider using alternative document viewers with more restrictive permissions, or use HWP documents in isolated environments like virtual machines. Monitor your system for unusual network activity if installed, and regularly review your download history and clipboard usage.
Findings
Security Analysis Details
Required Permissions:
- activeTab
- downloads
- contextMenus
- clipboardWrite
- storage
Host Permissions:
- <all_urls>
Content Security Policy:
- extension_pages: script-src 'self' 'wasm-unsafe-eval'; object-src 'self'
Embedded URLs (6 total):
| https://example.com/thumbs/preview.webp | http://www.w3.org/2000/svg | |
| https://cdn.jsdelivr.net/gh/projectnoonnu/noonfonts_2104@1.0/HANBatang.woff | https://cdn.jsdelivr.net/gh/projectnoonnu/noonfonts_four@1.0/HCRDotum.woff | |
| https://github.com/edwardkim/rhwp/issues/197 | https://clients2.google.com/service/update2/crx |
Raw Manifest
{ "name": "__MSG_extName__", "icons": { "16": "icons/icon-16.png", "32": "icons/icon-32.png", "48": "icons/icon-48.png", "128": "icons/icon-128.png" }, "action": { "default_icon": { "16": "icons/icon-16.png", "32": "icons/icon-32.png" }, "default_title": "__MSG_actionTitle__" }, "version": "0.2.1", "background": { "type": "module", "service_worker": "background.js" }, "options_ui": { "page": "options.html", "open_in_tab": true }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_extDescription__", "permissions": [ "activeTab", "downloads", "contextMenus", "clipboardWrite", "storage" ], "default_locale": "ko", "content_scripts": [ { "js": [ "content-script.js" ], "css": [ "content-script.css" ], "run_at": "document_idle", "matches": [ "<all_urls>" ] } ], "host_permissions": [ "<all_urls>" ], "manifest_version": 3, "content_security_policy": { "extension_pages": "script-src 'self' 'wasm-unsafe-eval'; object-src 'self'" }, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "wasm/*", "fonts/*", "icons/*", "dev-tools-inject.js" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.