Dash Highlighter

Version 1.0 View in Chrome Web Store

Last scanned: 3 months ago | force re-scan

Extension Details

Rating: 5.0 ★ (1 rating)

Users: 9

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has extremely limited trust indicators with only 9 users and a single 5-star rating, which is insufficient to establish credibility. The lack of developer information, company details, and recent update history raises significant concerns about the extension's legitimacy and ongoing support. The minimal user base suggests this is either a very new extension or one that hasn't gained user confidence.

Concerns:

The combination of broad host permissions and content script injection capabilities creates a dangerous attack surface that far exceeds what would be necessary for a simple highlighting tool. The extension can access and modify content on every website you visit, potentially capturing sensitive information like passwords, financial data, or personal communications. The storage permission, while seemingly benign, could be used to exfiltrate collected data. The overly broad permissions are particularly concerning given the extension's basic functionality description.

Recommendations:

Given the high risk profile, avoid installing this extension entirely. If highlighting functionality is needed, consider well-established alternatives with better security practices and larger user bases. If you must use this extension, run it in a completely isolated Chrome profile with no access to sensitive accounts or websites. Monitor your browsing activity closely and remove the extension immediately if you notice any suspicious behavior.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Raw Manifest

{
  "name": "Dash Highlighter",
  "icons": {
    "16": "icon16.png",
    "48": "icon48.png",
    "128": "icon128.png"
  },
  "version": "1.0",
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Highlights en dashes and em dashes on web pages",
  "permissions": [
    "storage"
  ],
  "options_page": "options.html",
  "content_scripts": [
    {
      "js": [
        "constants.js",
        "content.js"
      ],
      "run_at": "document_end",
      "matches": [
        "<all_urls>"
      ]
    }
  ],
  "host_permissions": [
    "<all_urls>"
  ],
  "manifest_version": 3
}

by ✦ Astarte

https://github.com/	https://github.com/hubwriter/github-dash-highlighter/blob/main/test.html
https://example.com/	https://test.com/
https://clients2.google.com/service/update2/crx

Dash Highlighter

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (5 total):

Raw Manifest

Detections

Manifest Findings