[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Starting analysis...

FastSave

Version 3.8.1 View in Chrome Web Store

Last scanned: 3 months ago | force re-scan

Extension Details

Rating: 3.5 ★ (328 ratings)

Users: 100,000

Context-Aware Verdict

CRITICAL

Overall Risk

Trust Factors:

The extension has a moderate user base of 100,000 users, which suggests some level of adoption. However, the 3.5-star rating from 328 reviews indicates mixed user satisfaction. The lack of clear developer information and company details raises transparency concerns. The generic name "FastSave" without a clear description makes it difficult to assess the extension's legitimate purpose.

Concerns:

The extension's permission set is extremely broad and concerning for what appears to be a download/save utility. The combination of webRequest interception, cookie access, and universal host permissions creates a perfect storm for data harvesting. Content script injection across all websites allows the extension to read and modify any webpage content, including sensitive information like passwords and personal data. The downloads permission, while potentially legitimate for a "save" tool, combined with other permissions could enable unauthorized file downloads. The tabs permission allows monitoring of browsing behavior across all websites.

Recommendations:

Given the critical risk level, avoid installing this extension entirely unless absolutely necessary. If you must use it, create a dedicated Chrome profile with no saved passwords or sensitive browsing activity. Consider alternative extensions with more limited permissions that serve similar purposes. Regularly audit your installed extensions and remove any that request excessive permissions. The broad permission set far exceeds what would be necessary for most legitimate save/download functionality.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: cookies

This extension has the cookies permission. Can access and modify browser cookies. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: downloads

This extension has the downloads permission. Can download files and access download history. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: webRequest

This extension has the webRequest permission. Can intercept and modify web requests. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Security Analysis Details

Required Permissions:

storage
cookies
webRequest
downloads
tabs
system.display
declarativeNetRequest

Host Permissions:

<all_urls>

Content Security Policy:

extension_pages: script-src 'self'; object-src 'self'

Embedded URLs (27 total):

http://www.w3.org/2000/svg	http://www.w3.org/1999/xlink
http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd	http://ns.adobe.com/Extensibility/1.0/
http://ns.adobe.com/AdobeIllustrator/10.0/	http://ns.adobe.com/Graphs/1.0/
http://ns.adobe.com/Variables/1.0/	http://ns.adobe.com/ImageReplacement/1.0/
http://ns.adobe.com/SaveForWeb/1.0/	http://ns.adobe.com/GenericCustomNamespace/1.0/
http://ns.adobe.com/XPath/1.0/	https://loading.io/
https://jquery.com/	https://jquery.org/license
https://downloadigs.com/api	https://www.instagram.com/
https://www.instagram.com	https://stuk.github.io/jszip/documentation/howto/read_zip.html
https://www.instagram.com/tv/upload/	https://www.instagram.com/rupload_igvideo/
https://www.instagram.com/rupload_igphoto/	https://www.instagram.com/create/
https://www.instagram.com/api/v1/media/	http://stuartk.com/jszip
https://raw.github.com/Stuk/jszip/main/LICENSE.markdown.	https://github.com/nodeca/pako/blob/main/LICENSE
https://clients2.google.com/service/update2/crx

Raw Manifest

{
  "name": "__MSG_appName__",
  "icons": {
    "16": "icons/16.png",
    "32": "icons/32.png",
    "64": "icons/64.png",
    "128": "icons/128.png"
  },
  "action": {
    "default_popup": "popup/popup.html"
  },
  "version": "3.8.1",
  "background": {
    "service_worker": "js/serviceWorker.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "__MSG_appDesc__",
  "permissions": [
    "storage",
    "cookies",
    "webRequest",
    "downloads",
    "tabs",
    "system.display",
    "declarativeNetRequest"
  ],
  "default_locale": "en",
  "content_scripts": [
    {
      "js": [
        "js/main.js",
        "js/content.js",
        "js/mobileTransform.js"
      ],
      "css": [
        "css/main.css"
      ],
      "run_at": "document_start",
      "matches": [
        "<all_urls>"
      ],
      "all_frames": true
    },
    {
      "js": [
        "js/inject.js"
      ],
      "world": "MAIN",
      "run_at": "document_start",
      "matches": [
        "*://*.instagram.com/*"
      ]
    }
  ],
  "host_permissions": [
    "<all_urls>"
  ],
  "manifest_version": 3,
  "content_security_policy": {
    "extension_pages": "script-src 'self'; object-src 'self'"
  },
  "web_accessible_resources": [
    {
      "matches": [
        "<all_urls>"
      ],
      "resources": [
        "icons/*",
        "js/*",
        "js/storyIn.js"
      ]
    }
  ]
}

by ✦ Astarte

FastSave

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Content Security Policy:

Embedded URLs (27 total):

Raw Manifest

Detections

Manifest Findings