네이버 동영상 플러그인

Name: Security Analysis: 네이버 동영상 플러그인
Item: 네이버 동영상 플러그인
Rating: 5
Author: ChromeBoard

🔍 Security Report Available

👥 5M+ users

📦 v1.0.2.4

💾 6.04KiB

📅 2025-09-17

View on Chrome Web Store

Chrome will indicate if you already have this installed.

Overview

네이버 동영상 플러그인을 이용해 네이버의 다양한 동영상 서비스를 즐겨보세요!
크롬 브라우저에서 네이버 동영상 서비스 이용을 위해서는 네이버 동영상 플러그인의 설치가 필요합니다.

2015년 9월 부터 크롬브라우져에서 NPAPI 지원이 중지되어 “네이버 동영상 플러그인” 설치 후 아래의 동영상 서비스를 이용해주세요.
1. 네이버 라이브 스트리밍 : 스포츠, 네이버TV, 뉴스 등 생중계 서비스 HD 화질 시청

Privacy Practices

✓ Not being sold to third parties, outside of the approved use cases

✓ Not being used or transferred for purposes that are unrelated to the item's core functionality

✓ Not being used or transferred to determine creditworthiness or for lending purposes

v1.0.2.4 Info Scanned Mar 4, 2026

Security Analysis — 네이버 동영상 플러그인

Analyzed v1.0.2.4 · Mar 4, 2026 · 2 JS files · 3 KB scanned

Permissions

Code Patterns Detected

Package Contents 5 files · 7KB

▾📁_metadata2KB

{}verified_contents.json2KB

📜background.js3KB

📜content.js670B

🖼icon.png898B

{}manifest.json929B

What This Extension Does

네이버 동영상 플러그인 (Naver Video Plugin) is a Chrome extension that enables users to access Naver's video services within their browser. It solves the problem of accessing Naver's video content without having to navigate away from the current tab. This extension is suitable for anyone who uses Naver's services and wants a convenient way to watch videos within their browser.

Permissions Explained

activeTabexpected: This permission allows the extension to access the currently active tab in your browser, which enables it to display video content within that tab.
Technical: The activeTab permission grants the extension access to the current tab's URL, title, and other metadata through the Chrome.tabs API. This could potentially allow an attacker to inject malicious content into the active tab if the extension is compromised.
nativeMessagingexpected: This permission enables the extension to communicate with native apps installed on your device, which allows it to display video content from Naver's services.
Technical: The nativeMessaging permission grants the extension access to the Chrome Native Messaging API, which enables communication between the extension and native apps. This could potentially allow an attacker to inject malicious code into the native app if the extension is compromised. ⚠ 1
http://*.navercorp.com/*expected: This permission allows the extension to access content from Naver's servers, which enables it to display video content within your browser.
Technical: The http://*.navercorp.com/* permission grants the extension access to HTTP requests made to Naver's servers. This could potentially allow an attacker to intercept sensitive data if the extension is compromised.
https://*.navercorp.com/*expected: This permission allows the extension to access content from Naver's servers over a secure connection, which enables it to display video content within your browser.
Technical: The https://*.navercorp.com/* permission grants the extension access to HTTPS requests made to Naver's servers. This could potentially allow an attacker to intercept sensitive data if the extension is compromised.
https://*.naver.com/*expected: This permission allows the extension to access content from Naver's servers over a secure connection, which enables it to display video content within your browser.
Technical: The https://*.naver.com/* permission grants the extension access to HTTPS requests made to Naver's servers. This could potentially allow an attacker to intercept sensitive data if the extension is compromised.

Your Data

The extension accesses content from Naver's servers, which may include video metadata and user authentication tokens. It does not appear to access any sensitive data on your device.

Technical Details

The extension makes HTTP requests to http://*.navercorp.com/*, https://*.navercorp.com/*, and https://*.naver.com/*. The exact domains contacted are determined by the user's Naver account settings. No encryption status or data types were detected.

Code Findings

Communicates with native appsHigh

This extension communicates with native apps installed on your device, which could potentially allow an attacker to inject malicious code into the native app if the extension is compromised.

Technical: The nativeMessaging permission grants access to the Chrome Native Messaging API, enabling communication between the extension and native apps. This could potentially allow an attacker to inject malicious code into the native app if the extension is compromised.

💡 This pattern commonly exists in legitimate extensions that require access to native services.

Uses postMessage for cross-origin commsMedium

This extension uses the postMessage API to communicate with other scripts across different origins, which could potentially allow an attacker to inject malicious content into your browser.

Technical: The extension uses the postMessage API to send and receive messages between scripts running in different contexts. This could potentially allow an attacker to inject malicious content into your browser if the extension is compromised.

💡 This pattern commonly exists in legitimate extensions that require communication with other scripts across different origins.

Bottom Line

Overall, this extension appears to be a legitimate tool for accessing Naver's video services within your browser. However, the nativeMessaging permission does raise some concerns about potential data exposure and attack surface if compromised. Users should exercise caution when installing extensions that require native messaging permissions.