Browse Security AI Extensions Collections
📦

Custom Cursor For Chrome

🔍 Security Report Available
👥 5M+ users
📦 v3.5.2
💾 2.43MiB
📅 2026-02-19
View on Chrome Web Store

Chrome will indicate if you already have this installed.

Overview

Fun custom cursors for Chrome™. Use a large collection of free cursors or upload your own.

Tags

Lifestyle/fun lifestyle/fun

Privacy Practices

✅ Does not collect your data
✅ Does not sell your data to third parties
✅ Does not use data for unrelated purposes

Security Analysis

Analyzed v3.5.2 · Feb 21, 2026 · 5 JS files · 970 KB scanned

Permissions

scripting storage unlimitedStorage notifications alarms

Code Patterns Detected

Function constructor used — dynamic code execution innerHTML assignment — potential XSS vector Makes HTTP requests

External Connections

custom-cursor.com www.w3.org github.com www.facebook.com twitter.com discord.com fb.me reactjs.org git.io social-plugins.line.me telegram.me www.pinterest.com +2 more

Package Contents 113 files · 5.9MB

📁_locales185KB
📁am4KB
{}messages.json4KB
📁ar3KB
{}messages.json3KB
📁bg4KB
{}messages.json4KB
📁bn4KB
{}messages.json4KB
📁ca3KB
{}messages.json3KB
📁cs3KB
{}messages.json3KB
📁da3KB
{}messages.json3KB
📁de3KB
{}messages.json3KB
📁el4KB
{}messages.json4KB
📁en3KB
{}messages.json3KB
📁en_GB3KB
{}messages.json3KB
📁en_US3KB
{}messages.json3KB
📁es3KB
{}messages.json3KB
📁es_4193KB
{}messages.json3KB
📁et3KB
{}messages.json3KB
📁fa4KB
{}messages.json4KB
📁fi3KB
{}messages.json3KB
📁fil3KB
{}messages.json3KB
📁fr3KB
{}messages.json3KB
📁gu4KB
{}messages.json4KB
📁he3KB
{}messages.json3KB
📁hi4KB
{}messages.json4KB
📁hr3KB
{}messages.json3KB
📁hu3KB
{}messages.json3KB
📁id3KB
{}messages.json3KB
📁it3KB
{}messages.json3KB
📁ja3KB
{}messages.json3KB
📁kn5KB
{}messages.json5KB
📁ko3KB
{}messages.json3KB
📁lt3KB
{}messages.json3KB
📁lv3KB
{}messages.json3KB
📁ml5KB
{}messages.json5KB
📁mr4KB
{}messages.json4KB
📁ms3KB
{}messages.json3KB
📁nl3KB
{}messages.json3KB
📁no3KB
{}messages.json3KB
📁pl3KB
{}messages.json3KB
📁pt_BR3KB
{}messages.json3KB
📁pt_PT3KB
{}messages.json3KB
📁ro3KB
{}messages.json3KB
📁ru4KB
{}messages.json4KB
📁sk3KB
{}messages.json3KB
📁sl3KB
{}messages.json3KB
📁sr4KB
{}messages.json4KB
📁sv3KB
{}messages.json3KB
📁sw3KB
{}messages.json3KB
📁ta5KB
{}messages.json5KB
📁te5KB
{}messages.json5KB
📁th4KB
{}messages.json4KB
📁tr3KB
{}messages.json3KB
📁uk4KB
{}messages.json4KB
📁vi3KB
{}messages.json3KB
📁zh_CN3KB
{}messages.json3KB
📁zh_TW3KB
{}messages.json3KB
📁_metadata15KB
{}verified_contents.json15KB
📁assets4.2MB
📁fonts4.1MB
📄AvenirNextCyr-Bold.eot87KB
🖼AvenirNextCyr-Bold.svg244KB
🔤AvenirNextCyr-Bold.ttf86KB
🔤AvenirNextCyr-Bold.woff40KB
🔤AvenirNextCyr-Bold.woff228KB
📄AvenirNextCyr-Demi.eot87KB
🖼AvenirNextCyr-Demi.svg244KB
🔤AvenirNextCyr-Demi.ttf87KB
🔤AvenirNextCyr-Demi.woff39KB
🔤AvenirNextCyr-Demi.woff227KB
📄AvenirNextCyr-Medium.eot87KB
🖼AvenirNextCyr-Medium.svg243KB
🔤AvenirNextCyr-Medium.ttf87KB
🔤AvenirNextCyr-Medium.woff40KB
🔤AvenirNextCyr-Medium.woff227KB
📄fa-brands-400.eot128KB
🖼fa-brands-400.svg684KB
🔤fa-brands-400.ttf128KB
🔤fa-brands-400.woff86KB
🔤fa-brands-400.woff274KB
📄fa-regular-400.eot34KB
🖼fa-regular-400.svg141KB
🔤fa-regular-400.ttf33KB
🔤fa-regular-400.woff16KB
🔤fa-regular-400.woff213KB
📄fa-solid-900.eot188KB
🖼fa-solid-900.svg823KB
🔤fa-solid-900.ttf188KB
🔤fa-solid-900.woff96KB
🔤fa-solid-900.woff274KB
📁icons153KB
🖼icon128.png4KB
🖼icon256.png9KB
🖼icon32.png1018B
🖼icon48.png2KB
🖼icon96.png4KB
🖼loading.gif131KB
🖼trash.png2KB
📁images15KB
📁icons1KB
🖼cursor-icon.png477B
🖼pointer-icon.png547B
🖼size-icon.png477B
📁other9KB
🖼before-view.png9KB
🖼logo.png4KB
🖼favicon.ico4KB
🖼logo.png4KB
📁css412KB
🎨style.min.css412KB
📁libs86KB
{}collections.json74KB
📜cursor.js5KB
📜cursor_old.js6KB
📁static82KB
📁media82KB
🔤AvenirNextCyr-Bold.11fbcea1790f3b67fde0.woff228KB
🔤AvenirNextCyr-Demi.b4b7aa57a0141775c8d8.woff227KB
🔤AvenirNextCyr-Medium.c9d1b6574aa0cf14c70d.woff227KB
📜background.js11KB
📜content.js7KB
🌐index.html3KB
🌐manage.html496B
{}manifest.json1KB
🌐options.html496B
📜popup.min.js941KBlarge

What This Extension Does

Custom Cursor For Chrome allows users to customize their cursor with a large collection of free cursors or upload their own. It appears to be a lifestyle/fun extension that provides a visual customization option for Chrome users.

Permissions Explained

  • scripting: Allows the extension to execute scripts in web pages, which is standard for extensions that need to interact with web content.
  • storage: Enables the extension to store data locally on the user's device, which is common for extensions that need to remember settings or cache data.
  • unlimitedStorage: Grants unlimited storage access, which might be unusual for an extension that doesn't explicitly claim to handle large amounts of data. This could potentially allow the extension to store a significant amount of data without any limitations.
  • notifications: Allows the extension to display notifications to the user, which is standard for extensions that need to alert users about certain events or updates.
  • alarms: Enables the extension to schedule alarms, which might be used for periodic tasks or updates. This permission seems reasonable given the extension's functionality.
  • <all_urls>: Grants access to all URLs visited by the user, including those on secure (HTTPS) and non-secure (HTTP) connections. This is a critical risk because it allows the extension to potentially intercept sensitive information from any website.

What We Found in the Code

  • Function constructor used — dynamic code execution: The use of function constructors for dynamic code execution can be a legitimate pattern, especially if it's used within a controlled environment like an extension. However, without more context, this could also indicate potential misuse.
  • innerHTML assignment — potential XSS vector: Assigning innerHTML directly from user input or untrusted sources is indeed a potential cross-site scripting (XSS) vulnerability. If the extension uses innerHTML for UI rendering and doesn't properly sanitize user-provided data, it could lead to security issues.
  • Makes HTTP requests: Making HTTP requests is a normal operation for extensions that need to fetch resources from external servers. This flag alone does not indicate any security concerns without more context.

External Connections

The extension communicates with the following domains:
  • custom-cursor.com: Expected, as this could be the server hosting custom cursors.
  • www.w3.org, github.com, www.facebook.com, twitter.com, discord.com, fb.me, reactjs.org, git.io, social-plugins.line.me, telegram.me, and www.pinterest.com: These domains are not directly related to the extension's functionality as described. They might be included for tracking, analytics, or other purposes that aren't immediately clear.

Things to Consider

  • The permissions declared by the extension seem broad for an extension that primarily offers a visual customization option. The <all_urls> permission stands out as particularly concerning due to its potential impact on user privacy.
  • The use of unlimitedStorage might be more than necessary for an extension that doesn't explicitly claim to handle large amounts of data.
  • The inclusion of external domains unrelated to the extension's primary functionality could indicate additional features or tracking mechanisms not immediately apparent from the description.

Similar Extensions

More in Lifestyle/fun →
📦

Return Youtube Dislike

6M+ users
Returns ability to see dislikes
Lifestyle/fun
📦

Stylish Custom Themes For

2M+ users
With hundreds of thousands of themes, skins & free backgrounds, you can customize any website with your own color scheme…
Lifestyle/fun
📦

%D1%80%D1%83%D1%82%D1%80%D0%B5%D0%BA%D0%B5%D1%80 %…

2M+ users
Доступ к RuTracker.org, поиск и пр.
Lifestyle/fun

My Doodle

1M+ users
Change Google Logo
Lifestyle/fun