dark reader - dark mode for Chrome
Version 1.0.7 View in Chrome Web Store
Last scanned: 4 days ago
| force re-scan
Extension Details
Developer:
darkreader.net
Rating:
4.5 ★
(100 ratings)
Size:
1012KiB
Last Updated:
January 8, 2024
Users:
40,000
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
MEDIUM
Risk Level
Trust Factors:
- The extension has a relatively high number of users (40,000) and a good rating (4.5/5), indicating a level of trust from the user community.
- The developer's website (darkreader.net) appears to be legitimate and focused on providing a dark mode functionality for websites.
Concerns:
- The extension requests the "tabs" permission, which allows it to access and manipulate browser tabs. While this could be necessary for its functionality, it also poses a potential privacy risk.
- The extension has broad host permissions (<all_urls>) and can inject content scripts into any website. This could potentially be exploited to steal sensitive data or track browsing activity.
Recommendations:
- While the extension appears to be legitimate and focused on providing a dark mode functionality, the broad permissions it requests raise some privacy concerns.
- Users should exercise caution when installing this extension and consider the potential risks associated with its permissions.
- If users decide to install the extension, it is recommended to run it in a separate browser profile or a dedicated browser instance to isolate its access and minimize potential risks.
- Users should also keep the extension updated to the latest version and monitor any changes in its behavior or permissions.
Overall, while the extension seems to serve a legitimate purpose, its broad permissions warrant some caution. Users should weigh the potential risks against the desired functionality and consider implementing additional security measures if they choose to install the extension.
Security Analysis
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
Overall Risk
Based on 4 total findings, ranked without considering overall context, including 3 high-risk and 1 medium-risk findings.
HIGH
Broad Content Script Injection
This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.
HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
HIGH
High-Risk Permission: tabs
This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
Security Analysis Details
Required Permissions:
- storage
- tabs
Host Permissions:
- <all_urls>
Embedded URLs (113 total):
| http://www.w3.org/2000/svg | http://www.w3.org/1999/xlink | |
| https://github.com/Pixabay/jQuery-tagEditor | http://code.accursoft.com/caret | |
| http://www.w3.org/1998/Math/MathML | https://chrome.google.com | |
| https://darkreader.net/contact.html | https://darkreader.net/how-it-works.html | |
| http://feross.org | https://feross.org/opensource | |
| https://addons.mozilla.org/ | https://chrome.google.com/webstore | |
| https://microsoftedge.microsoft.com/addons | https://google.com/ | |
| https://www.gstatic.com/images/branding/googlelogo | https://www.hcaptcha.com/ | |
| https://images.squarespace-cdn.com | https://allmacworld.com/blocs-free-download/ | |
| https://allmacworld.com/waves-v11-complete-download-free/ | https://allmacworld.com/3dequalizer-4-for-mac-free-download/ | |
| https://allmacworld.com/sylenth1-for-mac-free-download/ | https://allmacworld.com/synapse-audio-legend-free-download/ | |
| https://github.githubassets.com/favicon.ico | https://latexmath.bolo-app.com/render/ | |
| https://www.bankier.pl/ | https://cdn.blahdns.com/logo.png | |
| https://cdn.blahdns.com/kofi4.png | https://www.mozilla.org/ | |
| https://donate.mozilla.org/ | https://s3.castbox.fm/webstatic/images/userIcon.06c408dc.png | |
| https://cppm3144.itdhosting.de/niku/ui/uitk/images/odf.png | https://dej.rae.es | |
| https://duckduckgo.com/assets/icons/thirdparty/wikipedia.svg | https://duckduckgo.com/assets/logo_homepage.alt.v108.svg | |
| https://duckduckgo.com/assets/logo_header.alt.v108.svg | https://imgv3.fotor.com/images/background/background-image.png | |
| https://github.com | https://github.blog/wp-content/uploads/2019/03/BlogHeaders_Aligned_CHANGELOG | |
| https://i0.wp.com/user-images.githubusercontent.com/ | https://i1.wp.com/user-images.githubusercontent.com/ | |
| https://i2.wp.com/user-images.githubusercontent.com/ | https://github.githubassets.com/images/modules/site/icons/footer/github-logo.svg | |
| https://github.githubassets.com/images/modules/site/home/community-sponsor- | https://github.githubassets.com/images/modules/site/home/community-readme- | |
| https://github.githubassets.com/images/modules/site/home/community-discussions- | https://github.githubassets.com/images/modules/site/home/dependabot-merge.png | |
| https://github.githubassets.com/images/modules/site/home/dependabot-pr.png | https://github.githubassets.com/images/modules/site/home/gh-desktop.png | |
| https://github.githubassets.com/images/modules/site/home/pr-merge.png | https://github.githubassets.com/images/modules/site/home/pr-comment.png | |
| https://github.githubassets.com/images/modules/site/home/pr-description.png | https://github.githubassets.com/images/modules/site/home/pr-screen.png | |
| https://github.githubassets.com/images/modules/site/home/enterprise-city-w-logos.jpg | https://github.githubassets.com/images/modules/site/codespaces/codespaces-icon.png | |
| https://github.githubassets.com/images/modules/site/codespaces/dependency-rust.png | https://github.githubassets.com/images/modules/site/codespaces/dependency-3.png | |
| https://github.githubassets.com/images/modules/site/codespaces/dependencies- | https://github.githubassets.com/images/modules/site/codespaces/commit-3.png | |
| https://github.githubassets.com/images/modules/site/codespaces/extensions-1.png | https://github.githubassets.com/images/modules/site/codespaces/extensions-2.png | |
| https://github.githubassets.com/images/modules/site/codespaces/commit-workflow.png | https://github.githubassets.com/images/modules/site/codespaces/workflow-view.png | |
| https://github.githubassets.com/images/modules/site/codespaces/code.png | https://github.githubassets.com/images/email/explore/explore-gradient-icon.png | |
| https://raw.githubusercontent.com/github/explore/80688e429a7d4ef2fca1e82350fe8e3517d3494d/collections/learn-to-code/learn-to-code.png | https://apps.apple.com/app/ | |
| https://hypothes.is | https://www.jpl.nasa.gov/assets/images/logo_nasa_trio_white@2x.png | |
| https://postlight.com/ | https://www.minecraftskins.com/bundles/app/images/mask.png | |
| https://bi.im-g.pl/im/0/24525/m24525630.png | https://staticz.novelgames.com/style/default/common_e.5.png | |
| https://staticz.novelgames.com/style/default/common.8.png | https://docs.google.com | |
| https://forms.gle | https://pch24.pl | |
| https://www.gstatic.com/android/market_images/web/play_prism_hlock_2x.png | http://www.emcdda.europa.eu/about | |
| http://www.scp-wiki.net/local--files/component:theme/body_bg.png | https://static.senscritique.com/img/layout/icons/chevrons/chevron-size3.png?201710121789416 |
Page 1 of 2
Raw Manifest
{ "name": "__MSG_name__", "icons": { "32": "assets/static/32.png", "64": "assets/static/64.png", "128": "assets/static/128.png" }, "action": { "default_title": "__MSG_title__" }, "version": "1.0.7", "background": { "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_desc__", "permissions": [ "storage", "tabs" ], "options_page": "./options.html", "default_locale": "en", "content_scripts": [ { "js": [ "control-panel.js", "dark-mode-content.js" ], "css": [ "assets/style-injector.css" ], "run_at": "document_start", "matches": [ "<all_urls>" ] } ], "host_permissions": [ "<all_urls>" ], "manifest_version": 3, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "static/*", "assets/*.svg", "assets/*.png", "assets/*.css", "assets/*.otf" ] } ] }
Secure Annex (beta)
Coming soon...