Microsoft Power Automate
🔍 Security Report Available View on Chrome Web StoreChrome will indicate if you already have this installed.
Lets you automate web tasks with Microsoft Power Automate, a powerful extension that enables seamless automation for desktop users running version 2.27 or later of the Power Automate for desktop application. Ideal for individuals and businesses looking to streamline repetitive tasks and workflows, this extension is particularly beneficial for those already familiar with Power Automate's capabilities. By integrating with Power Automate, users can automate web interactions with ease, saving time and increasing productivity.
Overview
Microsoft Power Automate extension
Microsoft Power Automate lets you automate manual processes and tasks on your computer. Install the extension to automate things on the web like scripting, data extraction, testing, filling out forms and more.
The Power Automate recorder utility will convert your steps to a flow. Just browse through your favorite parts of the web application and collect data, fill forms, download files – do all the things you usually do and see a flow getting developed.
This browser extension requires additional software to perform properly. Make sure that you've downloaded and installed Power Automate to your device before continuing.
Note: After a specific date that will be announced officially by the browser group, the browser will no longer support web extensions created by Manifest V2. The specific web extension has embraced the new Manifest V3 and it is compatible with Power Automate version 2.27 or later. In case you desire to install this web extension, please ensure that you have upgraded the Power Automate to a compatible version for automating web scenarios. Learn more here: https://go.microsoft.com/fwlink/?linkid=2211532
By installing this extension, you agree to the Terms at: https://docs.microsoft.com/dynamics365/legal/slt-power-automate-brsr
Tags
Privacy Practices
Security Analysis — Microsoft Power Automate
Permissions
Code Patterns Detected
External Connections
Package Contents 59 files · 3MB
What This Extension Does
The Microsoft Power Automate extension enables web automation, allowing users to automate manual processes and tasks on their computer. It's designed for productivity and workflow optimization, but requires additional software installation. With over 10 million users, it's a popular choice for those who need to streamline their work.
Permissions Explained
- <all_urls>check this: This permission allows the extension to access all URLs visited by the user, including sensitive information like login credentials and personal data.
Technical: The <all_urls> permission grants access to all web pages, including those with sensitive content. This could potentially expose users' browsing history, login credentials, or other personal data if compromised. ⚠ 1 - nativeMessagingcheck this: This permission enables the extension to communicate with native applications on the user's device.
Technical: The nativeMessaging API allows extensions to interact with native code, potentially exposing users' system settings or other sensitive information if compromised. ⚠ 1 - debuggercheck this: This permission allows the extension to inject into tabs and access debugging tools.
Technical: The debugger API enables extensions to inject code into web pages, potentially allowing for malicious activities like data exfiltration or code injection if compromised. ⚠ 1 - browsingDatacheck this: This permission allows the extension to access browsing history and other user data.
Technical: The browsingData API grants access to users' browsing history, including sensitive information like login credentials or personal data. This could potentially expose users' online activities if compromised. ⚠ 1 - scriptingexpected: This permission allows the extension to run scripts on web pages.
Technical: The scripting API enables extensions to execute JavaScript code, potentially allowing for malicious activities like data exfiltration or code injection if compromised. - tabsexpected: This permission allows the extension to access and manipulate tabs.
Technical: The tabs API grants access to users' open tabs, potentially exposing sensitive information like login credentials or personal data if compromised.
Your Data
The extension accesses browsing history and other user data through the <all_urls> and browsingData permissions. It also communicates with native applications using the nativeMessaging API. The extension sends data to various domains, including github.com, sizzlejs.com, jquery.com, jquery.org, and js.foundation.
Technical Details
- github.com
- sizzlejs.com
- jquery.com
- jquery.org
- js.foundation
- http
- https
- cookies
- tokens
- page content
Code Findings
The extension uses obfuscation techniques to make its code harder to understand. This is a common practice in legitimate extensions, but it can also be used for malicious purposes.
Technical: The extension uses the String.fromCharCode function to encode strings, making it difficult to analyze the code without deobfuscation tools.
💡 Legitimate extensions often use obfuscation to protect their intellectual property or make their code harder to reverse-engineer.
The extension injects into tabs using the debugger API, which can potentially allow for malicious activities like data exfiltration or code injection.
Technical: The extension uses the Debugger API to inject code into web pages, allowing it to access and manipulate sensitive information.
💡 Legitimate extensions often use the debugger API to debug their own code or provide debugging tools to users.
The extension uses the postMessage function to communicate with other web pages, which can potentially allow for malicious activities like data exfiltration or code injection.
Technical: The extension uses the postMessage function to send and receive messages between web pages, allowing it to access and manipulate sensitive information.
💡 Legitimate extensions often use cross-origin communication to provide features like messaging or data sharing between web pages.
The Microsoft Power Automate extension has several concerning permissions, including <all_urls>, nativeMessaging, and debugger. While it's a popular choice for productivity and workflow optimization, users should be aware of the potential risks associated with these permissions. We recommend exercising caution when installing this extension and monitoring its behavior closely.
