Zendesk Download Router
Version 4.4.0 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has a very small user base of only 711 users, which limits community validation. However, it maintains a high rating of 4.8/5 from 10 reviews, suggesting satisfied users within its niche. The extension targets Zendesk users specifically, indicating a legitimate business use case. The lack of developer information and company details reduces transparency and accountability.
The extension requests several powerful permissions that exceed typical requirements for a download router. The downloads permission allows access to download history and file manipulation capabilities. The tabs permission grants broad access to browser tab information and control, which seems excessive for routing downloads. The activeTab permission, while more reasonable, still provides access to sensitive page content. Content scripts run on Zendesk domains, which could access sensitive customer support data and communications.
Given the high-risk permissions and limited user base, consider running this extension in a separate Chrome profile dedicated to Zendesk work. This isolates potential security risks from your main browsing profile. Before installation, verify the extension's legitimacy through Zendesk's official channels or community forums. Monitor the extension's behavior closely, particularly regarding file downloads and tab interactions. Consider whether the functionality truly requires such broad permissions, and explore alternative solutions if available. Regularly review installed extensions and remove this one if it's no longer essential to your workflow.
Findings
Security Analysis Details
Required Permissions:
- activeTab
- downloads
- storage
- tabs
Embedded URLs (6 total):
| https://github.com/wxt-dev/wxt/issues/371 | https://wxt.dev/guide/testing.html | |
| https://clients2.google.com/service/update2/crx | http://www.w3.org/2000/svg | |
| https://getbootstrap.com/ | https://github.com/twbs/bootstrap/blob/main/LICENSE |
Raw Manifest
{ "name": "Zendesk Download Router", "icons": { "32": "icon/32.png", "48": "icon/48.png", "64": "icon/64.png", "128": "icon/128.png" }, "action": { "default_icon": { "128": "/icon/128.png" }, "default_popup": "popup.html", "default_title": "Zendesk Download Router" }, "version": "4.4.0", "background": { "type": "module", "service_worker": "background.js" }, "options_ui": { "page": "options.html", "open_in_tab": true }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Automatically routes Zendesk downloads into separate folders by ticket number", "permissions": [ "activeTab", "downloads", "storage", "tabs" ], "content_scripts": [ { "js": [ "content-scripts/content.js" ], "css": [ "content-scripts/content.css" ], "run_at": "document_end", "matches": [ "*://*.apps.zdusercontent.com/*", "*://*.zendesk.com/*" ] } ], "manifest_version": 3, "web_accessible_resources": [ { "matches": [ "*://*.zendesk.com/*", "*://*.apps.zdusercontent.com/*" ], "resources": [ "/icon/128.png" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.