[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Starting analysis...

Sendspark Video and Screen Recorder

Version 2.2.8 View in Chrome Web Store

Last scanned: about 1 month ago | force re-scan

Extension Details

Developer: sendspark.com

Rating: 4.9 ★ (775 ratings)

Users: 10,000

Context-Aware Verdict

CRITICAL

Overall Risk

Trust Factors:

The extension has a strong user base with 10,000 users and an excellent 4.9-star rating from 775 reviews, indicating positive user experiences. It's developed by sendspark.com, which appears to be a legitimate video messaging platform. The extension's purpose as a video and screen recorder aligns with its requested permissions for desktop and tab capture functionality.

Concerns:

The extension requests extremely broad permissions that extend far beyond basic screen recording needs. The universal host permissions (*://*/*) combined with content script injection capabilities create significant privacy and security risks. Access to cookies and tabs permissions could enable data harvesting across all websites. The unsafe WebAssembly execution policy is particularly concerning as it could hide malicious code. The extension targets numerous business platforms (Gmail, LinkedIn, Salesforce, HubSpot, etc.) which handle sensitive professional data.

Recommendations:

Given the critical risk level, consider running this extension in a completely separate Chrome profile dedicated solely to video recording activities. Before installation, verify the extension is actually needed for your workflow and consider alternative screen recording tools with more limited permissions. If you must use it, regularly audit what data the extension might be accessing and consider temporarily disabling it when not actively recording. Monitor your accounts on the business platforms this extension accesses for any unusual activity.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: cookies

This extension has the cookies permission. Can access and modify browser cookies. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

HIGH

Unsafe WebAssembly Execution

This extension's Content Security Policy allows 'wasm-unsafe-eval', which permits potentially dangerous WebAssembly code execution. This could be used to hide malicious code or perform CPU-intensive operations.

MEDIUM

Access to Sensitive Domains

This extension requests access to sensitive domains: https://mail.google.com/. Ensure you trust this extension with access to these sites.

MEDIUM

Medium-Risk Permission: notifications

This extension has the notifications permission. Can show notifications.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Security Analysis Details

Required Permissions:

alarms
cookies
tabs
notifications
storage
scripting
desktopCapture
tabCapture
offscreen
file:///*
windows

Host Permissions:

*://*/*
https://mail.google.com/
https://*.sentry.io/
file:///*

Content Security Policy:

extension_pages: script-src 'self' 'wasm-unsafe-eval'; object-src 'self';

Embedded URLs (867 total):

Page 1 of 11

Raw Manifest

{
  "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiAZ7uZfatF+6GeUrQNTqbgiWXiuNIvRl5+HGzGMLetXYT3WVmgwDtehrRJg5Z+PIDYf2QEiqhUQR9qVf+jgGHzZnorwGQIFcILoqXd5KNgFGjIgLzisgRA+oYHyDlFamhx7hxc0nWtguI1Mfh2YKuh0bckdsviT/g8f7vDrfsJWRCxKtdogy4/bpW60tV+gLDKKHvQo/vyO1+8vHInzDl/PF5vZLqGWm6U1BLFJOr9NAdMn/HoWkEDij/mL665t7ezEsm+pXH7EsxjKB7opight/B0zF5/IgndW+af9/Dwqgpqzw28tdfNgesWV+l+xgO/fd++2jflj15+iHyfRdxQIDAQAB",
  "name": "Sendspark Video and Screen Recorder",
  "icons": {
    "16": "assets/icon16.png",
    "48": "assets/icon48.png",
    "128": "assets/icon128.png"
  },
  "action": {
    "default_icon": "assets/production/icon-default-128.png"
  },
  "version": "2.2.8",
  "background": {
    "type": "module",
    "matches": [
      "*://*/*"
    ],
    "service_worker": "event.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Record and share professional-looking videos for business",
  "permissions": [
    "alarms",
    "cookies",
    "tabs",
    "notifications",
    "storage",
    "scripting",
    "desktopCapture",
    "tabCapture",
    "offscreen",
    "file:///*",
    "windows"
  ],
  "content_scripts": [
    {
      "js": [
        "content.js",
        "onboardingFlow.js",
        "floatingButton.js"
      ],
      "css": [],
      "matches": [
        "*://*/*"
      ],
      "exclude_matches": [
        "https://ssoven341-d3vz.com/teleprompter",
        "https://sendspark.com/teleprompter"
      ]
    },
    {
      "js": [
        "gmail.js"
      ],
      "run_at": "document_end",
      "matches": [
        "https://mail.google.com/*",
        "https://inbox.google.com/*"
      ]
    },
    {
      "js": [
        "intercom.js"
      ],
      "matches": [
        "https://app.intercom.com/*"
      ]
    },
    {
      "js": [
        "linkedIn.js"
      ],
      "matches": [
        "https://www.linkedin.com/*"
      ]
    },
    {
      "js": [
        "zendesk.js"
      ],
      "matches": [
        "https://*.zendesk.com/agent/*"
      ]
    },
    {
      "js": [
        "hubspot.js"
      ],
      "matches": [
        "https://app.hubspot.com/*"
      ]
    },
    {
      "js": [
        "outreach.js"
      ],
      "matches": [
        "https://*.outreach.io/*"
      ]
    },
    {
      "js": [
        "closeio.js"
      ],
      "matches": [
        "https://app.close.com/*"
      ]
    },
    {
      "js": [
        "salesforce.js"
      ],
      "matches": [
        "https://*.lightning.force.com/*"
      ]
    },
    {
      "js": [
        "saleshandy.js"
      ],
      "matches": [
        "https://app.saleshandy.com/*",
        "https://my.saleshandy.com/*"
      ]
    },
    {
      "js": [
        "bridger.js"
      ],
      "matches": [
        "https://app.bridgersystem.com/*"
      ]
    },
    {
      "js": [
        "zoominfo.js"
      ],
      "matches": [
        "https://app.zoominfo.com/*"
      ]
    },
    {
      "js": [
        "shareUserData.js"
      ],
      "matches": [
        "https://*.sendspark.com/share/*",
        "https://sendspark.com/share/*",
        "*://*/share/*"
      ]
    }
  ],
  "host_permissions": [
    "*://*/*",
    "https://mail.google.com/",
    "https://*.sentry.io/",
    "file:///*"
  ],
  "manifest_version": 3,
  "externally_connectable": {
    "matches": [
      "http://localhost:*/*",
      "http://stg341.localhost:*/*",
      "*://stg341.sendspark.com/*",
      "*://app.sendspark.com/*",
      "*://sendspark.com/*",
      "*://mail.google.com/*",
      "*://inbox.google.com/*",
      "*://ssoven341-d3vz.com/*"
    ]
  },
  "content_security_policy": {
    "extension_pages": "script-src 'self' 'wasm-unsafe-eval'; object-src 'self';"
  },
  "web_accessible_resources": [
    {
      "matches": [
        "*://*/*",
        "<all_urls>",
        "https://mail.google.com/*"
      ],
      "resources": [
        "usermedia.html",
        "usermediaonboarding.html",
        "camera.html",
        "cameraonly.html",
        "videopreview.html",
        "trimvideopreview.html",
        "initializecamera.html",
        "offscreen_document.html",
        "soundwaveline.html",
        "pageWorld.js",
        "assets/*.png",
        "assets/*.svg",
        "assets/*.gif",
        "assets/*.wasm",
        "assets/*.bin",
        "assets/*.deepar",
        "*.webm",
        "*.map",
        "assets/fonts/circularXXWeb/*.woff2",
        "assets/fonts/lexend/*.ttf"
      ],
      "extension_ids": [
        "*"
      ]
    }
  ]
}

by ✦ Astarte

Sendspark Video and Screen Recorder

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Content Security Policy:

Embedded URLs (867 total):

Raw Manifest

Detections

Manifest Findings

https://git.io/JUIaE#	https://github.com/babel/babel/blob/main/packages/babel-helpers/LICENSE
http://feross.org	https://mths.be/he
https://reactjs.org/docs/error-decoder.html?invariant=	http://www.w3.org/1999/xlink
http://www.w3.org/XML/1998/namespace	http://www.w3.org/1999/xhtml
http://www.w3.org/2000/svg	http://www.w3.org/1998/Math/MathML
https://fb.me/react-polyfills	https://github.com/csstree/csstree/issues
https://developer.mozilla.org/docs/Web/CSS/@charset	https://developer.mozilla.org/docs/Web/CSS/@counter-style
https://developer.mozilla.org/docs/Web/CSS/@document	https://developer.mozilla.org/docs/Web/CSS/@font-face
https://developer.mozilla.org/docs/Web/CSS/@font-feature-values	https://developer.mozilla.org/docs/Web/CSS/@import
https://developer.mozilla.org/docs/Web/CSS/@keyframes	https://developer.mozilla.org/docs/Web/CSS/@media
https://developer.mozilla.org/docs/Web/CSS/@namespace	https://developer.mozilla.org/docs/Web/CSS/@page
https://developer.mozilla.org/docs/Web/CSS/@property	https://developer.mozilla.org/docs/Web/CSS/@supports
https://developer.mozilla.org/docs/Web/CSS/@viewport	https://developer.mozilla.org/docs/Web/CSS/--
https://developer.mozilla.org/docs/Web/CSS/-ms-accelerator	https://developer.mozilla.org/docs/Web/CSS/-ms-block-progression
https://developer.mozilla.org/docs/Web/CSS/-ms-content-zoom-chaining	https://developer.mozilla.org/docs/Web/CSS/-ms-content-zooming
https://developer.mozilla.org/docs/Web/CSS/-ms-content-zoom-limit	https://developer.mozilla.org/docs/Web/CSS/-ms-content-zoom-limit-max
https://developer.mozilla.org/docs/Web/CSS/-ms-content-zoom-limit-min	https://developer.mozilla.org/docs/Web/CSS/-ms-content-zoom-snap
https://developer.mozilla.org/docs/Web/CSS/-ms-content-zoom-snap-points	https://developer.mozilla.org/docs/Web/CSS/-ms-content-zoom-snap-type
https://developer.mozilla.org/docs/Web/CSS/-ms-filter	https://developer.mozilla.org/docs/Web/CSS/-ms-flow-from
https://developer.mozilla.org/docs/Web/CSS/-ms-flow-into	https://developer.mozilla.org/docs/Web/CSS/-ms-grid-columns
https://developer.mozilla.org/docs/Web/CSS/-ms-grid-rows	https://developer.mozilla.org/docs/Web/CSS/-ms-high-contrast-adjust
https://developer.mozilla.org/docs/Web/CSS/-ms-hyphenate-limit-chars	https://developer.mozilla.org/docs/Web/CSS/-ms-hyphenate-limit-lines
https://developer.mozilla.org/docs/Web/CSS/-ms-hyphenate-limit-zone	https://developer.mozilla.org/docs/Web/CSS/-ms-ime-align
https://developer.mozilla.org/docs/Web/CSS/-ms-overflow-style	https://developer.mozilla.org/docs/Web/CSS/-ms-scrollbar-3dlight-color
https://developer.mozilla.org/docs/Web/CSS/-ms-scrollbar-arrow-color	https://developer.mozilla.org/docs/Web/CSS/-ms-scrollbar-base-color
https://developer.mozilla.org/docs/Web/CSS/-ms-scrollbar-darkshadow-color	https://developer.mozilla.org/docs/Web/CSS/-ms-scrollbar-face-color
https://developer.mozilla.org/docs/Web/CSS/-ms-scrollbar-highlight-color	https://developer.mozilla.org/docs/Web/CSS/-ms-scrollbar-shadow-color
https://developer.mozilla.org/docs/Web/CSS/-ms-scrollbar-track-color	https://developer.mozilla.org/docs/Web/CSS/-ms-scroll-chaining
https://developer.mozilla.org/docs/Web/CSS/-ms-scroll-limit	https://developer.mozilla.org/docs/Web/CSS/-ms-scroll-limit-x-max
https://developer.mozilla.org/docs/Web/CSS/-ms-scroll-limit-x-min	https://developer.mozilla.org/docs/Web/CSS/-ms-scroll-limit-y-max
https://developer.mozilla.org/docs/Web/CSS/-ms-scroll-limit-y-min	https://developer.mozilla.org/docs/Web/CSS/-ms-scroll-rails
https://developer.mozilla.org/docs/Web/CSS/-ms-scroll-snap-points-x	https://developer.mozilla.org/docs/Web/CSS/-ms-scroll-snap-points-y
https://developer.mozilla.org/docs/Web/CSS/-ms-scroll-snap-type	https://developer.mozilla.org/docs/Web/CSS/-ms-scroll-snap-x
https://developer.mozilla.org/docs/Web/CSS/-ms-scroll-snap-y	https://developer.mozilla.org/docs/Web/CSS/-ms-scroll-translation
https://developer.mozilla.org/docs/Web/CSS/-ms-text-autospace	https://developer.mozilla.org/docs/Web/CSS/-ms-touch-select
https://developer.mozilla.org/docs/Web/CSS/-ms-user-select	https://developer.mozilla.org/docs/Web/CSS/-ms-wrap-flow
https://developer.mozilla.org/docs/Web/CSS/-ms-wrap-margin	https://developer.mozilla.org/docs/Web/CSS/-ms-wrap-through
https://developer.mozilla.org/docs/Web/CSS/appearance	https://developer.mozilla.org/docs/Web/CSS/-moz-binding
https://developer.mozilla.org/docs/Web/CSS/-moz-border-bottom-colors	https://developer.mozilla.org/docs/Web/CSS/-moz-border-left-colors
https://developer.mozilla.org/docs/Web/CSS/-moz-border-right-colors	https://developer.mozilla.org/docs/Web/CSS/-moz-border-top-colors