Extension Details
Developer:
fakefiller.com
Rating:
4.4 ★
(792 ratings)
Users:
400,000
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
MEDIUM
Overall Risk
Trust Factors: The extension has a solid user base of 400,000 users with a good rating of 4.4 stars from nearly 800 reviews, indicating general user satisfaction. The developer domain fakefiller.com suggests a legitimate purpose-built tool. The extension appears to serve a specific utility function for form filling automation.
Concerns: The primary security concern is the broad content script injection capability across all URLs, which creates potential for data interception or credential theft if compromised. While the contextMenus, activeTab, storage, and scripting permissions are reasonable for a form-filling tool, the combination with all-sites access creates an elevated risk profile. The extension could theoretically access sensitive information on banking sites, email platforms, or other confidential web applications.
Recommendations: Given the medium risk level, consider running this extension in a separate Chrome profile dedicated to non-sensitive browsing activities. Avoid using it while accessing financial institutions, email accounts, or other sensitive websites. Regularly review the extension's behavior and disable it when not actively needed for form filling tasks. Monitor for any unusual browser behavior or unexpected data requests. Consider whether the convenience of automated form filling justifies the broad access permissions, especially if you frequently visit sensitive websites in the same browser profile.
Findings
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
Broad Content Script Injection
This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.
MEDIUM
Medium-Risk Permission: activeTab
This extension has the activeTab permission. Can access the active tab when clicking the extension icon.
MEDIUM
Medium-Risk Permission: contextMenus
This extension has the contextMenus permission. Can add items to the context menu.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
Security Analysis Details
Required Permissions:
- contextMenus
- activeTab
- storage
- scripting
Embedded URLs (45 total):
| https://github.com/FakeFiller/fake-filler-extension/wiki/Keyboard-Shortcuts | http://momentjs.com/docs/#/displaying/format/ | |
| http://fent.github.io/randexp.js/ | http://www.w3.org/2000/svg | |
| https://mths.be/cssesc | http://momentjs.com/guides/#/warnings/define-locale/ | |
| http://momentjs.com/guides/#/warnings/js-date/ | http://momentjs.com/guides/#/warnings/min-max/ | |
| http://momentjs.com/guides/#/warnings/add-inverted-param/ | http://momentjs.com/guides/#/warnings/zone/ | |
| http://momentjs.com/guides/#/warnings/dst-shifted/ | https://github.com/uuidjs/uuid#getrandomvalues-not-supported | |
| http://www.apache.org/licenses/LICENSE-2.0 | https://securetoken.google.com/ | |
| https://reactjs.org/docs/error-decoder.html?invariant= | http://www.w3.org/1999/xlink | |
| http://www.w3.org/XML/1998/namespace | http://www.w3.org/1998/Math/MathML | |
| http://www.w3.org/1999/xhtml | https://bit.ly/3cXEKWf | |
| http://fb.me/use-check-prop-types | https://github.com/FakeFiller/fake-filler-extension/pull/131 | |
| https://fakefiller.com | https://github.com/FakeFiller/fake-filler-extension/pull/113 | |
| https://github.com/FakeFiller/fake-filler-extension/pull/102 | https://github.com/FakeFiller/fake-filler-extension/pull/71 | |
| https://github.com/FakeFiller/fake-filler-extension/pull/66 | https://github.com/FakeFiller/fake-filler-extension/pull/54 | |
| https://github.com/rowthan | https://github.com/FakeFiller/fake-filler-extension/pull/33 | |
| https://github.com/FakeFiller/fake-filler-extension/pull/25 | https://github.com/FakeFiller/fake-filler-extension/pull/11 | |
| https://github.com/FakeFiller/fake-filler-extension/pull/18 | https://github.com/FakeFiller/fake-filler-extension/pull/20 | |
| https://github.com/FakeFiller/fake-filler-extension/pull/10 | https://github.com/FakeFiller/fake-filler-extension/pull/5 | |
| https://github.com/focus-trap/tabbable/blob/master/LICENSE | https://fakefiller.com/#pricing | |
| https://github.com/FakeFiller/fake-filler-extension/wiki/Customization-using-Custom-Fields-and-Profiles | https://fakefiller.com/privacy | |
| http://fakefiller.com/account/ | https://github.com/FakeFiller/fake-filler-extension/wiki | |
| https://github.com/FakeFiller/fake-filler-extension/issues | https://redux.js.org/Errors?code= | |
| https://clients2.google.com/service/update2/crx |
Raw Manifest
{ "name": "Fake Filler", "icons": { "16": "images/icon-16.png", "32": "images/icon-32.png", "48": "images/icon-48.png", "64": "images/icon-64.png", "96": "images/icon-96.png", "128": "images/icon-128.png" }, "action": { "default_icon": { "16": "images/icon-16.png", "32": "images/icon-32.png", "48": "images/icon-48.png", "64": "images/icon-64.png", "96": "images/icon-96.png", "128": "images/icon-128.png" }, "default_title": "Fill All Inputs with Dummy Data" }, "version": "4.1.0", "commands": { "fill_this_form": { "description": "Fill this form" }, "fill_all_inputs": { "description": "Fill all inputs" }, "fill_this_input": { "description": "Fill this input" } }, "background": { "type": "module", "service_worker": "src/service-worker.js" }, "options_ui": { "page": "index.html", "open_in_tab": true }, "short_name": "Fake Filler", "update_url": "https://clients2.google.com/service/update2/crx", "description": "A form filler that fills all inputs on a page with fake/dummy data.", "permissions": [ "contextMenus", "activeTab", "storage", "scripting" ], "default_locale": "en", "content_scripts": [ { "js": [ "src/content-script.js" ], "matches": [ "<all_urls>" ], "all_frames": true } ], "manifest_version": 3 }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
Loading Secure Annex data...
Unable to load Secure Annex data.
This extension may not yet be analyzed by Secure Annex.
Detections
0Critical
0
High
0
Medium
0
Low
0
Has Verdicts
Yes
Manifest Findings
0Critical
0
High
0
Medium
0
Low
0
Secure Annex analyzed version: -