Colorzilla
Overview
ColorZilla is the most user friendly, full-featured, secure and reliable color picker and color related suite of tools. It is one of the most popular Chrome and Firefox developer extensions with over 10 million downloads worldwide.
With ColorZilla you can get a color reading from any point in your browser, quickly adjust this color and paste it into another program. And it can do so much more...
== Features ==
✓ Eyedropper - get the color of any pixel on the page
✓ Advanced Color Picker (similar to Photoshop's)
✓ Ultimate CSS Gradient Generator
✓ Webpage Color Analyzer - get a color palette for any site
✓ Palette Viewer with 7 pre-installed palettes
✓ Color History of recently picked colors
✓ Various sampling sizes - 1x1, 3x3, 5x5, 11x11 and 25x25 pixels
✓ Sample average color of any selected area
✓ Displays element information like tag name, class, id, size etc.
✓ Auto copy picked colors to clipboard
✓ Keyboard shortcuts
✓ Manipulate colors by their Hue/Saturation/Value components
✓ Get colors of dynamic hover elements
✓ Single-click to start color picking (currently only on Windows)
✓ Pick colors at any zoom level
✓ All features here: https://colorzilla.com/chrome/features.html
== Why does ColorZilla need permission to "access data on all websites"? ==
This permission is needed by ColorZilla for its basic functionality of picking colors from websites. ColorZilla **DOES NOT** collect any of your data or your browsing activity on any websites. We are pretty fanatical about privacy ourselves, and your privacy is extremely important to us. Please visit this page for more info - https://colorzilla.com/chrome/privacy.html
== Feedback and bug reports ==
If you're having issues or found a bug, please don't post your bug report here, contact us directly so we can fix it: https://colorzilla.com/contact/
== Enjoying ColorZilla? Please rate! ==
If you like ColorZilla, please help spread the word by giving it a 5 star rating here ;)
If you're not fully satisfied, please contact us https://colorzilla.com/contact/ and we'll make sure to help.
== ColorZilla homepage ==
Additional info, help and more is here: https://colorzilla.com/chrome/
== Stay tuned ==
For new feature announcements or just to say hello, please follow ColorZilla on Twitter https://twitter.com/colorzilla
Security Analysis — Colorzilla
Package Contents 87 files · 1.1MB
What This Extension Does
ColorZilla is a popular Chrome extension that provides advanced color picking, gradient generation, and other features for developers. It allows users to pick colors from any point on the page, adjust them, and paste them into another program. With over 4 million users, it's an essential tool for web designers and developers.
Permissions Explained
- tabs (expected): Allows ColorZilla to access and interact with open tabs in the browser.
  Technical: Provides access to the chrome.tabs API, allowing the extension to read and modify tab data, including URLs, titles, and content.
- scripting (expected): Enables ColorZilla to execute scripts in the context of web pages it interacts with.
  Technical: Provides access to the chrome.scripting API, allowing the extension to inject and run scripts on web pages, potentially introducing XSS risks if not properly sanitized.
- storage (expected): Allows ColorZilla to store data locally on the user's device.
  Technical: Provides access to the chrome.storage API, allowing the extension to read and write data to local storage, including color history and settings.
- <all_urls> (check this): Gives ColorZilla permission to access all websites and web pages, including those with sensitive or restricted content.
  Technical: Provides unrestricted access to the chrome.tabs API, allowing the extension to read and modify data on any website, potentially introducing significant security risks if not properly sanitized.
Your Data
ColorZilla accesses color data from web pages, stores it locally, and sends some data to its servers for feature updates and analytics. It does not collect any sensitive user data or browsing activity.
Technical Details
- www.colorzilla.com
- colorzilla.com
- HTTP
- HTTPS
- color data
- settings
Code Findings
ColorZilla uses dynamic code execution, which can potentially introduce security risks if not properly sanitized.
Technical: The extension uses the `Function` constructor to execute code dynamically, allowing for potential XSS attacks if malicious input is injected.
💡 Legitimate extensions often use dynamic code execution for features like color picking and gradient generation.
ColorZilla uses innerHTML assignment, which can potentially introduce XSS risks if not properly sanitized.
Technical: The extension assigns innerHTML to an element, allowing for potential XSS attacks if malicious input is injected.
💡 Legitimate extensions often use innerHTML assignment for features like color picking and gradient generation.
ColorZilla captures keystrokes, which can potentially introduce significant security risks if not properly sanitized.
Technical: The extension uses the keyboard API to capture keystrokes, allowing for potential keylogging and other malicious activities.
💡 Legitimate extensions often use keystroke capture for features like color picking and gradient generation.
While ColorZilla is a popular and useful extension for developers, its permission scope exceeds what's necessary for its stated purpose. Users should exercise caution when installing this extension, especially considering the potential security risks introduced by dynamic code execution, keystroke capture, and XSS vectors.