Auto Refresh Plus

Version 3.0.2 View in Chrome Web Store

Last scanned: 8 days ago | force re-scan

Extension Details

Developer: autorefreshplus.in

Rating: 4.8 ★ (1.5K ratings)

Users: 100,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors: The extension has a solid user base of 100,000 users and maintains a strong 4.8-star rating from 1,500 reviews, suggesting legitimate functionality and user satisfaction. The name "Auto Refresh Plus" clearly indicates its purpose as a page refresh utility, which is a common and useful browser tool.

Concerns: The extension's permissions are significantly excessive for a simple auto-refresh tool. The <all_urls> host permissions and content script injection capabilities allow it to access and modify content on every website you visit, including sensitive sites like banking, email, and social media platforms. For an auto-refresh function, these broad permissions are unnecessary - the extension should only need to access the specific tabs where refresh is enabled. The storage permission, while lower risk, allows data collection about your browsing patterns.

Recommendations: Consider running this extension in a separate Chrome profile dedicated to non-sensitive browsing activities. Before installation, verify if simpler alternatives exist that require fewer permissions. If you must use this extension, regularly review which sites you're allowing it to refresh and disable it when visiting sensitive websites. Monitor your browser's extension activity through Chrome's built-in tools to ensure it's not accessing sites unnecessarily. Consider whether built-in browser refresh options or keyboard shortcuts might meet your needs instead.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Raw Manifest

{
  "name": "__MSG_extensionName__",
  "icons": {
    "32": "icon128.png",
    "64": "icon128.png",
    "128": "icon128.png"
  },
  "action": {
    "default_popup": "index.html",
    "default_title": "__MSG_extensionTitle__"
  },
  "version": "3.0.2",
  "background": {
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "__MSG_extensionDescription__",
  "permissions": [
    "storage"
  ],
  "default_locale": "en",
  "content_scripts": [
    {
      "js": [
        "content.js"
      ],
      "run_at": "document_start",
      "matches": [
        "<all_urls>"
      ]
    },
    {
      "js": [
        "content-main.js"
      ],
      "world": "MAIN",
      "run_at": "document_start",
      "matches": [
        "<all_urls>"
      ]
    }
  ],
  "host_permissions": [
    "<all_urls>"
  ],
  "manifest_version": 3
}

by ✦ Astarte

https://autorefreshplus.in	https://clients2.google.com/service/update2/crx
https://fonts.googleapis.com/css2?family=Rubik:ital	https://react.dev/errors/
http://www.w3.org/2000/svg	http://www.w3.org/1998/Math/MathML
http://www.w3.org/1999/xlink	http://www.w3.org/XML/1998/namespace
https://git.io/JUIaE#	https://chrome.google.com/webstore/detail/ffejlioijcokmblckiijnjcmfidjppdn/reviews
https://autorefreshplus.in/privacy

Auto Refresh Plus

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (11 total):

Raw Manifest

Detections

Manifest Findings