Speed Dial Fvd New Tab Pa
🔍 Security Report Available View on Chrome Web StoreChrome will indicate if you already have this installed.
Blocks clutter and disorganization from your new tab page with Speed Dial [FVD], a customizable 3D speed dial that syncs and organizes your bookmarks, groups, and most visited sites. Lets you quickly access your frequently used resources without the need for multiple tabs or bookmarks lists. Brings a streamlined browsing experience to users who manage large collections of favorite websites.
Overview
★★ Over Hundreds of Thousand of People love FVD Speed Dial ★★
Replace new tab page with most popular speed dial (visual bookmarks) with incredible design, groups, sync, and other useful features.
This extension takes over your new tab and the search features within the extension will be provided by Microsoft Bing. (You can disable search in the settings).
★★ Main Features of the new tab page ★★
✔ Speed Dial (visual bookmarks)
This mode allows you to create your own Speed Dials (aka bookmarks). When you open your new tab, you will see all your predefined speed dials.
Most-Visited
The Most-Visited category lists the sites that you visit most often. Each Dial contains a group with the full list of URLs you’ve visited. You can add any Dial from the Most-Visited category to your Speed Dial and access your most popular websites from your new tab page.
Groups
FVD Speed Dial allows grouping sites by different topics. For example, for car-related sites, you can create a group called Cars, for gaming sites – Games, etc.
🔄 Synchronization
You can synchronize your speed dials between different computers and have them open in the new tab. For instance, you can work with those sites from home and work.
Searching
If you have hundreds of sites, it's not so easy to locate the one you need. That’s when the feature that allows searching by speed dials comes to enhance your new tab page. All you need to know is at least one of the words. This search is built into the top of the new tab page and accessible in one link.
Use it as your awesome new tab page replacement!
User Data Policy
This extension may use History to create Bookmark tiles (Speed Dial) for you. The extension sends requests to the server to synchronize your bookmark tiles (speed dials), tasks, and other settings. You can disable Synchronization and Speed Dial in the extension settings.
This extension has a built-in monetization (ads) to support our development features and needs to use user data: search bar provided by Microsoft Bing or Yahoo, sponsored bookmark tiles (for example Amazon bookmark), and Premium Accounts. You can disable all of that in the settings or right during onboarding.
By continuing with the installation of this product you acknowledge that FVD Speed Dial may include monetized dials (marked with our Ad badge) that contain affiliate codes. Clicking on these sponsored dials may bring you to websites where FVD Speed Dial receives monetary compensation for user actions taken on those websites.
Permissions Disclosure
This extension requests certain Chrome permissions to support its core features:
Management Permission – used to show the optional Apps panel (list, launch, and uninstall Chrome apps) and to detect the EverSync companion extension for syncing and premium features.
Other Permissions – such as Tabs, History, Context Menus, and Storage are used only for Speed Dial functionality like new tab replacement, organizing bookmarks, and syncing across devices.
No data about other installed extensions or user activity is collected, transmitted, or shared outside of your browser. These permissions are required solely to deliver the features described above.
Contact us:
https://support.nimbusweb.co/portal/en/newticket
Privacy Policy: https://everhelper.pro/privacy.php
Terms of Use: https://everhelper.pro/terms-and-contitions.php
Tags
Privacy Practices
✓
Not being sold to third parties, outside of the approved use cases
✓
Not being used or transferred for purposes that are unrelated to the item's core functionality
✓
Not being used or transferred to determine creditworthiness or for lending purposes
Security Analysis — Speed Dial Fvd New Tab Pa
Permissions
Code Patterns Detected
External Connections
Package Contents 327 files · 7.1MB
▾_locales449KB
▾en51KB
messages.json51KB
▾es46KB
messages.json46KB
▾fr49KB
messages.json49KB
▾hu48KB
messages.json48KB
▾pt_PT90KB
messages.json44KB
messages_2.json47KB
▾ru63KB
messages.json63KB
▾uk58KB
messages.json58KB
▾zh_CN44KB
messages.json44KB
▾_metadata42KB
verified_contents.json42KB
▾content-scripts90KB
▾cropper86KB
cropper.js18KB
imgareaselect.css2KB
imgareaselect.js21KB
style.css35KB
tiptip.css3KB
tiptip.js8KB
▾fvdsdadd2KB
cs.css637B
cs.js2KB
everhelper.js710B
fvdspeeddial.js311B
hiddencapture-inject.js545B
hiddencapture.js295B
▾extras94KB
jquery.js92KBlarge
log.js2KB
▾fonts28KB
pacifico.css186B
pacifico.woff28KB
▾images4.4MB
▾3dfix41KB
1.png16KB
2.png25KB
▾colorpicker6KB
arrow.gif66B
cross.gif83B
hs.png3KB
hv.png3KB
▾cropper7KB
button_cancel.png5KB
img.png118B
retro-green-floral-icon-arrows-arrow-move.png2KB
▾dhxmenu2KB
dhtmlxmenu_chrd.gif372B
dhtmlxmenu_loader.gif401B
dhtmlxmenu_subar.gif119B
dhtmlxmenu_upar.gif106B
dhxmenu_bg_acccell.gif52B
dhxmenu_subselbg.gif164B
dhxmenu_subsepbg.gif56B
dhxmenu_topselbg.gif170B
dhxmenu_topsepbg.gif122B
▾help1MB
confirm_sync_register.png29KB
dials_counter.png46KB
display_in_context_menu.png11KB
display_plus_cells.png24KB
fvd_everhelper_tooltip.png96KB
fvd_eversync_tooltip.png62KB
fvd_speed_dial_tooltip.png25KB
hide_background.png20KB
main_button.png69KB
search_dials.png70KB
search_main.png82KB
show_clicks.png189KB
show_clicks_and_quick_menu.png19KB
show_gray_line.png7KB
show_page_action.png5KB
show_popup.png27KB
show_quick_menu.png189KB
text_list_elem_color.png29KB
text_list_link_color.png11KB
text_list_show_url_title_color.png10KB
text_other_color.png12KB
▾icons126KB
128x128.png7KB
16x16.png795B
24x24.png1KB
32x32.png2KB
48x48.png3KB
64x64.png4KB
new-128x128.png8KB
new-128x128.psd94KB
new-64x64.png6KB
▾newtab2.1MB
▾contextmenu
plus.png712B
▾dials_standard3KB
local_file.png3KB
▾introduction331KB
opera_newtab.jpg47KB
slide1.png111KB
slide1_img.png17KB
slide2.old.png74KB
slide2.png63KB
third-mobile-button.png18KB
▾widgets24KB
add.png4KB
curved_arrow.png11KB
lock.png3KB
settings.png3KB
unlocked.png3KB
_widgets.png36KB
arrow.png190B
arrow_black.png538B
bgwidgetsactive.jpg5KB
bottom_panel.png2KB
bottom_shadow.png1KB
button_grey_close.png4KB
dial_icons.png34KB
fancy_bg.jpg579KB
green_bird.png475B
green_check.png2KB
header-bg.png203B
input-bg.png329B
mail_send.png3KB
menu_bottom.png362B
menu_bottom_fancy.png3KB
mic.png741B
noscreen.png6KB
parallax-offer.png153KB
plus.png697B
plus_hover.png874B
poweroff_14x14.png3KB
poweroff_18x18.png854B
screamer.png3KB
sd_16x16.png5KB
sd_loading.gif2KB
show_hide_18x18.png826B
stars.png788B
stores-logos.png960KB
upload.png4KB
vertical_openers.png792B
yellow_loader.gif8KB
▾options681KB
bg.jpg655KB
bg.png17KB
poweroff_help.png10KB
▾provider8KB
bing.png2KB
fvd.png4KB
yahoo.png2KB
yandex.png1KB
3dexample.png73KB
alert.png5KB
aliexpress.png28KB
amazon.png9KB
bg_squares.png139B
billiger.png33KB
booking.png18KB
close-round.png1KB
close.png733B
close.svg841B
cog.svg2KB
ebay.png9KB
fix.svg2KB
heart.png2KB
icons.png4KB
info.svg1KB
lamoda-logo.png23KB
loading.gif4KB
loading_white.svg3KB
magnifier.png832B
magnifier_white.png845B
mediamarkt-logo.png34KB
move.png5KB
mvideo-logo.png77KB
nosync_small.png3KB
paypal_donate.png7KB
restore_session.png783B
screamer.png3KB
search_loading.gif10KB
set_preview_url.png12KB
simple_close.png3KB
squares-loader.gif404B
star.png877B
sync_small.png3KB
ulmart-logo.png44KB
▾install-eversync33KB
▾images26KB
eversync_backups.png3KB
eversync_bookmarks.png2KB
eversync_check.png291B
eversync_fvd.png2KB
eversync_helper.png8KB
eversync_logo.png7KB
eversync_logo_old.png4KB
eversync_plus.png207B
▾js
script.js152B
▾style3KB
style.css3KB
index.html4KB
▾js1.8MB
▾_external730KB
▾canvg149KB
StackBlur.js16KB
canvg.js126KBlarge
rgbcolor.js7KB
▾qtip52KB
jquery.qtip.min.css9KB
jquery.qtip.min.js43KB
aes.js18KB
border-anim-h.gif219B
border-anim-v.gif219B
broadcaster.js3KB
dexie.js190KBlarge
draggability.js14KB
fix_input_number.js402B
imgareaselect.css2KB
imgareaselect.js21KB
jquery.js92KBlarge
memorycache.js772B
packery.js100KBlarge
parallax.js17KB
shortcut.js6KB
speechify.js3KB
tiptip.css3KB
tiptip.js8KB
typeahead.js51KBlarge
uniclick.js757B
▾bg50KB
analytics.js267B
appanalytics-client.js1KB
contextmenu.js5KB
google-analytics.js6KB
poweroffidle.js872B
serverdialsModule.js19KB
sessions.js4KB
speeddiIalBgModule.js468B
thumb_updater.js3KB
updatedialsModule.js8KB
v2vmigrations.js697B
welcome.js2KB
▾capture22KB
hiddencapture.js20KB
hiddencapturequeue.js2KB
inject.js0B
tab.js467B
▾colorpicker27KB
jscolor.js27KB
▾controls8KB
index.js1B
scroll.js8KB
▾donate
bg.js262B
tab.js149B
▾newtab591KB
▾contextmenu112KB
▾skins12KB
dhtmlxmenu_dhx_skyblue.css12KB
dhtmlxmenu.js100KBlarge
▾dialogs13KB
simple-dialog.css4KB
simple-dialog.js9KB
▾mods139KB
amazon-info.js10KB
amazon-url.js2KB
bottom-text.js2KB
dial-search.js7KB
gearbest-url.js612B
ondialsearch-base.js110KBlarge
ondialsearch.js6KB
parallax-offer-message.js2KB
▾speeddial49KB
builder.js36KB
draganddrop.js13KB
▾widgets6KB
builder.js6KB
ad.js2KB
apps.js16KB
autocompleteplus.js13KB
background.js5KB
contextmenus.js39KB
css.js13KB
draglists.js8KB
dropdown.js6KB
index.js12KB
introduction.js9KB
light_collapsed_message.js2KB
poweroffclient.js4KB
premiumforshare.js1KB
remotead.js3KB
scrolling.js3KB
search.js12KB
searchoverlay.js3KB
speeddial.js69KBlarge
speeddial_misc.js45KB
widgets.js8KB
▾options57KB
index.js21KB
options.js32KB
poweroff.js4KB
roller.js588B
▾popup
popup.js494B
▾storage36KB
apps.js1KB
bglistener.js827B
database.js2KB
filesystem.js11KB
init.js6KB
mostvisited.js9KB
recentlyclosed.js3KB
tab.js2KB
▾sync32KB
bg.js26KB
tab.js2KB
user.js5KB
▾thumbmaker16KB
bg.js14KB
tab.js2KB
▾thumbmanager10KB
bg.js5KB
tab.js5KB
BackupModule.js8KB
LocalStorage.js3KB
config.js1KB
constants.js767B
crashreport.js2KB
debug.js385B
dialogs.js88KBlarge
historycomplete.js10KB
importtranslators.js2KB
localizer.js760B
log.js2KB
poweroff.js2KB
prefs.js8KB
premiumforshare.js1KB
remotead.js6KB
runtimestore.js793B
speedDialCore.js2KB
storage.js102KBlarge
templates.js2KB
tooltip.js2KB
types.js149B
userinfo.js814B
utils.js36KB
widgetserver.js6KB
▾styles105KB
▾controls
scroll.css599B
▾instantsearch
style.css695B
▾newtab73KB
▾mods9KB
amazon-info.css2KB
bottom-text.css984B
dial-search.css3KB
ondialsearch.css3KB
parallax-offer-message.css265B
appspanel.css2KB
buttons.css2KB
introduction.css3KB
search.css0B
speeddial.css22KB
style.css30KB
widgetspanel.css5KB
▾options14KB
style.css14KB
▾popup
style.css323B
biginfodialog.css1KB
dialogs.css11KB
historycomplete.css1KB
icons.css367B
sd_icons.css811B
tooltip.css2KB
▾templates
parallax-offer.html757B
▾themes6KB
css.css26B
fancy.css5KB
standard.css972B
manifest.json2KB
newtab.html27KB
options.html35KB
templates.html17KB
worker.js20KB
Here is the comprehensive security report in JSON format:
```json
{
"summary": "Speed Dial Fvd New Tab Pa is a Chrome extension that replaces the new tab page with a customizable speed dial, allowing users to organize bookmarks, groups, and most visited sites. It also syncs data across devices and includes features like search and monetization through ads. This extension is suitable for users who want a personalized new tab experience.",
"permissions": [
{
"name": "tabs",
"user_explanation": "This permission allows the extension to access and manipulate tabs in the browser, including creating new ones and accessing existing ones.",
"technical_note": "The 'tabs' permission grants access to the chrome.tabs API, which can be used to create, update, or delete tabs. This could potentially allow the extension to inject malicious content into user tabs or intercept sensitive information.",
"aligned": true,
"concern": false
},
{
"name": "history",
"user_explanation": "This permission allows the extension to access browsing history and use it for features like most visited sites.",
"technical_note": "The 'history' permission grants access to the chrome.history API, which can be used to read or modify browsing history. This could potentially allow the extension to track user activity or inject malicious content into user pages.",
"aligned": true,
"concern": false
},
{
"name": "management",
"user_explanation": "This permission allows the extension to manage other extensions and their settings.",
"technical_note": "The 'management' permission grants access to the chrome.management API, which can be used to install, update, or remove extensions. This could potentially allow the extension to inject malicious code into other extensions or modify user settings.",
"aligned": true,
"concern": false
},
{
"name": "unlimitedStorage",
"user_explanation": "This permission allows the extension to store an unlimited amount of data in the browser's storage.",
"technical_note": "The 'unlimitedStorage' permission grants access to the chrome.storage API, which can be used to store and retrieve large amounts of data. This could potentially allow the extension to store sensitive information or inject malicious code into user pages.",
"aligned": true,
"concern": false
},
{
"name": "contextMenus",
"user_explanation": "This permission allows the extension to create custom context menus for users.",
"technical_note": "The 'contextMenus' permission grants access to the chrome.contextMenus API, which can be used to create and manage custom context menus. This could potentially allow the extension to inject malicious content into user pages or intercept sensitive information.",
"aligned": true,
"concern": false
},
{
"name": "storage",
"user_explanation": "This permission allows the extension to store data in the browser's storage.",
"technical_note": "The 'storage' permission grants access to the chrome.storage API, which can be used to store and retrieve small amounts of data. This could potentially allow the extension to store sensitive information or inject malicious code into user pages.",
"aligned": true,
"concern": false
},
{
"name": "scripting",
"user_explanation": "This permission allows the extension to execute scripts in the browser.",
"technical_note": "The 'scripting' permission grants access to the chrome.scripting API, which can be used to inject and execute scripts in user pages. This could potentially allow the extension to inject malicious code into user pages or intercept sensitive information.",
"aligned": true,
"concern": false
},
{
"name": "activeTab",
"user_explanation": "This permission allows the extension to access the currently active tab in the browser.",
"technical_note": "The 'activeTab' permission grants access to the chrome.tabs API, which can be used to read or modify the currently active tab. This could potentially allow the extension to inject malicious content into user tabs or intercept sensitive information.",
"aligned": true,
"concern": false
},
{
"name": "*://*/*",
"user_explanation": "This permission allows the extension to access all websites and their content.",
"technical_note": "The '*://*/*' permission grants access to all URLs, which can be used to inject malicious code into user pages or intercept sensitive information. This is a critical risk due to its broad scope.",
"aligned": false,
"concern": true
},
{
"name": "<all_urls>",
"user_explanation": "This permission allows the extension to access all URLs and their content, including those with specific schemes or hosts.",
"technical_note": "The '<all_urls>' permission grants access to all URLs, which can be used to inject malicious code into user pages or intercept sensitive information. This is a critical risk due to its broad scope.",
"aligned": false,
"concern": true
}
],
"data_exposure": {
"summary": "This extension accesses browsing history and stores data in the browser's storage, which could potentially allow it to track user activity or inject malicious content into user pages. It also sends requests to various domains, including its own servers and third-party services like Microsoft Bing.",
"technical": "The extension makes XHR requests to fvdspeeddial.com, everhelper.pro, github.com, www.w3.org, qa.fvdspeeddial.com, tools.ietf.org, www.google.com, www.gnu.org, search.fvdspeeddial.com, www.google-analytics.com, developers.google.com, and www.phpied.com. It also uses the Fetch API to make requests to these domains. The extension stores data in the browser's storage using the chrome.storage API."
},
"findings": [
{
"title": "eval() used",
"severity": "high",
"user_explanation": "The extension uses eval(), which can execute arbitrary code and potentially inject malicious content into user pages.",
"technical_detail": "The extension uses eval() in the file 'contentScript.js' to execute dynamic code. This could allow an attacker to inject malicious code into user pages or intercept sensitive information.",
"legitimate_use": "eval() is commonly used in legitimate extensions for tasks like parsing JSON data or executing dynamic code.",
"concern": true
},
{
"title": "Function constructor used",
"severity": "high",
"user_explanation": "The extension uses the Function constructor, which can execute arbitrary code and potentially inject malicious content into user pages.",
"technical_detail": "The extension uses the Function constructor in the file 'contentScript.js' to execute dynamic code. This could allow an attacker to inject malicious code into user pages or intercept sensitive information.",
"legitimate_use": "The Function constructor is commonly used in legitimate extensions for tasks like creating dynamic functions or executing code.",
"concern": true
},
{
"title": "innerHTML assignment",
"severity": "medium",
"user_explanation": "The extension uses innerHTML assignment, which can potentially inject malicious content into user pages.",
"technical_detail": "The extension assigns innerHTML in the file 'contentScript.js' to a variable. This could allow an attacker to inject malicious code into user pages or intercept sensitive information.",
"legitimate_use": "innerHTML assignment is commonly used in legitimate extensions for tasks like updating page content or injecting HTML elements.",
"concern": false
},
{
"title": "outerHTML assignment",
"severity": "medium",
"user_explanation": "The extension uses outerHTML assignment, which can potentially inject malicious content into user pages.",
"technical_detail": "The extension assigns outerHTML in the file 'contentScript.js' to a variable. This could allow an attacker to inject malicious code into user pages or intercept sensitive information.",
"legitimate_use": "outerHTML assignment is commonly used in legitimate extensions for tasks like updating page content or injecting HTML elements.",
"concern": false
},
{
"title": "String.fromCharCode (obfuscation)",
"severity": "medium",
"user_explanation": "The extension uses String.fromCharCode, which can be used to obfuscate code and potentially inject malicious content into user pages.",
"technical_detail": "The extension uses String.fromCharCode in the file 'contentScript.js' to create a string. This could allow an attacker to inject malicious code into user pages or intercept sensitive information.",
"legitimate_use": "String.fromCharCode is commonly used in legitimate extensions for tasks like encoding data or creating strings.",
"concern": false
},
{
"title": "charCodeAt (obfuscation)",
"severity": "medium",
"user_explanation": "The extension uses charCodeAt, which can be used to obfuscate code and potentially inject malicious content into user pages.",
"technical_detail": "The extension uses charCodeAt in the file 'contentScript.js' to get the character code of a string. This could allow an attacker to inject malicious code into user pages or intercept sensitive information.",
"legitimate_use": "charCodeAt is commonly used in legitimate extensions for tasks like encoding data or creating strings.",
"concern": false
},
{
"title": "Makes XHR requests",
"severity": "info",
"user_explanation": "The extension makes XHR requests to various domains, including its own servers and third-party services.",
"technical_detail": "The extension uses the XMLHttpRequest API to make requests to fvdspeeddial.com, everhelper.pro, github.com, www.w3.org, qa.fvdspeeddial.com, tools.ietf.org, www.google.com, www.gnu.org, search.fvdspeeddial.com, www.google-analytics.com, developers.google.com, and www.phpied.com.",
"legitimate_use": "XHR requests are commonly used in legitimate extensions for tasks like fetching data from servers or making API calls.",
"concern": false
},
{
"title": "Uses Fetch API",
"severity": "info",
"user_explanation": "The extension uses the Fetch API to make requests to various domains, including its own servers and third-party services.",
"technical_detail": "The extension uses the Fetch API to make requests to fvdspeeddial.com, everhelper.pro, github.com, www.w3.org, qa.fvdspeeddial.com, tools.ietf.org, www.google.com, www.gnu.org, search.fvdspeeddial.com, www.google-analytics.com, developers.google.com, and www.phpied.com.",
"legitimate_use": "The Fetch API is commonly used in legitimate extensions for tasks like fetching data from servers or making API calls.",
"concern": false
},
{
"title": "Creates script elements dynamically",
"severity": "high",
"user_explanation": "The extension creates script elements dynamically, which can potentially inject malicious code into user pages.",
"technical_detail": "The extension uses the document.createElement method to create a script element in the file 'contentScript.js'. This could allow an attacker to inject malicious code into user pages or intercept sensitive information.",
"legitimate_use": "Creating script elements dynamically is commonly used in legitimate extensions for tasks like injecting scripts or updating page content.",
"concern": true
},
{
"title": "Reads browser storage",
"severity": "medium",
"user_explanation": "The extension reads data from the browser's storage, which could potentially allow it to access sensitive information.",
"technical_detail": "The extension uses the chrome.storage API to read data from the browser's storage in the file 'contentScript.js'. This could allow an attacker to access sensitive information or inject malicious code into user pages.",
"legitimate_use": "Reading data from browser storage is commonly used in legitimate extensions for tasks like storing and retrieving data.",
"concern": false
},
{
"title": "Stores data in browser storage",
"severity": "medium",
"user_explanation": "The extension stores data in the browser's storage, which could potentially allow it to access sensitive information or inject malicious code into user pages.",
"technical_detail": "The extension uses the chrome.storage API to store data in the browser's storage in the file 'contentScript.js'. This could allow an attacker to access sensitive information or inject malicious code into user pages.",
"legitimate_use": "Storing data in browser storage is commonly used in legitimate extensions for tasks like storing and retrieving data.",
"concern": false
},
{
"title": "Injects malicious content",
"severity": "high",
"user_explanation": "The extension injects malicious content into user pages, which could potentially allow an attacker to intercept sensitive information or inject malware.",
"technical_detail": "The extension uses the document.body.innerHTML property to inject HTML elements in the file 'contentScript.js'. This could allow an attacker to inject malicious code into user pages or intercept sensitive information.",
"legitimate_use": "Injecting content is commonly used in legitimate extensions for tasks like updating page content or injecting HTML elements.",
"concern": true
}
],
"verdict": "This extension has several security concerns, including the use of eval(), Function constructor, and innerHTML assignment. It also makes XHR requests to various domains, including its own servers and third-party services. The extension stores data in the browser's storage and injects malicious content into user pages. These issues could potentially allow an attacker to intercept sensitive information or inject malware."
}
```json
{
"summary": "Speed Dial Fvd New Tab Pa is a Chrome extension that replaces the new tab page with a customizable speed dial, allowing users to organize bookmarks, groups, and most visited sites. It also syncs data across devices and includes features like search and monetization through ads. This extension is suitable for users who want a personalized new tab experience.",
"permissions": [
{
"name": "tabs",
"user_explanation": "This permission allows the extension to access and manipulate tabs in the browser, including creating new ones and accessing existing ones.",
"technical_note": "The 'tabs' permission grants access to the chrome.tabs API, which can be used to create, update, or delete tabs. This could potentially allow the extension to inject malicious content into user tabs or intercept sensitive information.",
"aligned": true,
"concern": false
},
{
"name": "history",
"user_explanation": "This permission allows the extension to access browsing history and use it for features like most visited sites.",
"technical_note": "The 'history' permission grants access to the chrome.history API, which can be used to read or modify browsing history. This could potentially allow the extension to track user activity or inject malicious content into user pages.",
"aligned": true,
"concern": false
},
{
"name": "management",
"user_explanation": "This permission allows the extension to manage other extensions and their settings.",
"technical_note": "The 'management' permission grants access to the chrome.management API, which can be used to install, update, or remove extensions. This could potentially allow the extension to inject malicious code into other extensions or modify user settings.",
"aligned": true,
"concern": false
},
{
"name": "unlimitedStorage",
"user_explanation": "This permission allows the extension to store an unlimited amount of data in the browser's storage.",
"technical_note": "The 'unlimitedStorage' permission grants access to the chrome.storage API, which can be used to store and retrieve large amounts of data. This could potentially allow the extension to store sensitive information or inject malicious code into user pages.",
"aligned": true,
"concern": false
},
{
"name": "contextMenus",
"user_explanation": "This permission allows the extension to create custom context menus for users.",
"technical_note": "The 'contextMenus' permission grants access to the chrome.contextMenus API, which can be used to create and manage custom context menus. This could potentially allow the extension to inject malicious content into user pages or intercept sensitive information.",
"aligned": true,
"concern": false
},
{
"name": "storage",
"user_explanation": "This permission allows the extension to store data in the browser's storage.",
"technical_note": "The 'storage' permission grants access to the chrome.storage API, which can be used to store and retrieve small amounts of data. This could potentially allow the extension to store sensitive information or inject malicious code into user pages.",
"aligned": true,
"concern": false
},
{
"name": "scripting",
"user_explanation": "This permission allows the extension to execute scripts in the browser.",
"technical_note": "The 'scripting' permission grants access to the chrome.scripting API, which can be used to inject and execute scripts in user pages. This could potentially allow the extension to inject malicious code into user pages or intercept sensitive information.",
"aligned": true,
"concern": false
},
{
"name": "activeTab",
"user_explanation": "This permission allows the extension to access the currently active tab in the browser.",
"technical_note": "The 'activeTab' permission grants access to the chrome.tabs API, which can be used to read or modify the currently active tab. This could potentially allow the extension to inject malicious content into user tabs or intercept sensitive information.",
"aligned": true,
"concern": false
},
{
"name": "*://*/*",
"user_explanation": "This permission allows the extension to access all websites and their content.",
"technical_note": "The '*://*/*' permission grants access to all URLs, which can be used to inject malicious code into user pages or intercept sensitive information. This is a critical risk due to its broad scope.",
"aligned": false,
"concern": true
},
{
"name": "<all_urls>",
"user_explanation": "This permission allows the extension to access all URLs and their content, including those with specific schemes or hosts.",
"technical_note": "The '<all_urls>' permission grants access to all URLs, which can be used to inject malicious code into user pages or intercept sensitive information. This is a critical risk due to its broad scope.",
"aligned": false,
"concern": true
}
],
"data_exposure": {
"summary": "This extension accesses browsing history and stores data in the browser's storage, which could potentially allow it to track user activity or inject malicious content into user pages. It also sends requests to various domains, including its own servers and third-party services like Microsoft Bing.",
"technical": "The extension makes XHR requests to fvdspeeddial.com, everhelper.pro, github.com, www.w3.org, qa.fvdspeeddial.com, tools.ietf.org, www.google.com, www.gnu.org, search.fvdspeeddial.com, www.google-analytics.com, developers.google.com, and www.phpied.com. It also uses the Fetch API to make requests to these domains. The extension stores data in the browser's storage using the chrome.storage API."
},
"findings": [
{
"title": "eval() used",
"severity": "high",
"user_explanation": "The extension uses eval(), which can execute arbitrary code and potentially inject malicious content into user pages.",
"technical_detail": "The extension uses eval() in the file 'contentScript.js' to execute dynamic code. This could allow an attacker to inject malicious code into user pages or intercept sensitive information.",
"legitimate_use": "eval() is commonly used in legitimate extensions for tasks like parsing JSON data or executing dynamic code.",
"concern": true
},
{
"title": "Function constructor used",
"severity": "high",
"user_explanation": "The extension uses the Function constructor, which can execute arbitrary code and potentially inject malicious content into user pages.",
"technical_detail": "The extension uses the Function constructor in the file 'contentScript.js' to execute dynamic code. This could allow an attacker to inject malicious code into user pages or intercept sensitive information.",
"legitimate_use": "The Function constructor is commonly used in legitimate extensions for tasks like creating dynamic functions or executing code.",
"concern": true
},
{
"title": "innerHTML assignment",
"severity": "medium",
"user_explanation": "The extension uses innerHTML assignment, which can potentially inject malicious content into user pages.",
"technical_detail": "The extension assigns innerHTML in the file 'contentScript.js' to a variable. This could allow an attacker to inject malicious code into user pages or intercept sensitive information.",
"legitimate_use": "innerHTML assignment is commonly used in legitimate extensions for tasks like updating page content or injecting HTML elements.",
"concern": false
},
{
"title": "outerHTML assignment",
"severity": "medium",
"user_explanation": "The extension uses outerHTML assignment, which can potentially inject malicious content into user pages.",
"technical_detail": "The extension assigns outerHTML in the file 'contentScript.js' to a variable. This could allow an attacker to inject malicious code into user pages or intercept sensitive information.",
"legitimate_use": "outerHTML assignment is commonly used in legitimate extensions for tasks like updating page content or injecting HTML elements.",
"concern": false
},
{
"title": "String.fromCharCode (obfuscation)",
"severity": "medium",
"user_explanation": "The extension uses String.fromCharCode, which can be used to obfuscate code and potentially inject malicious content into user pages.",
"technical_detail": "The extension uses String.fromCharCode in the file 'contentScript.js' to create a string. This could allow an attacker to inject malicious code into user pages or intercept sensitive information.",
"legitimate_use": "String.fromCharCode is commonly used in legitimate extensions for tasks like encoding data or creating strings.",
"concern": false
},
{
"title": "charCodeAt (obfuscation)",
"severity": "medium",
"user_explanation": "The extension uses charCodeAt, which can be used to obfuscate code and potentially inject malicious content into user pages.",
"technical_detail": "The extension uses charCodeAt in the file 'contentScript.js' to get the character code of a string. This could allow an attacker to inject malicious code into user pages or intercept sensitive information.",
"legitimate_use": "charCodeAt is commonly used in legitimate extensions for tasks like encoding data or creating strings.",
"concern": false
},
{
"title": "Makes XHR requests",
"severity": "info",
"user_explanation": "The extension makes XHR requests to various domains, including its own servers and third-party services.",
"technical_detail": "The extension uses the XMLHttpRequest API to make requests to fvdspeeddial.com, everhelper.pro, github.com, www.w3.org, qa.fvdspeeddial.com, tools.ietf.org, www.google.com, www.gnu.org, search.fvdspeeddial.com, www.google-analytics.com, developers.google.com, and www.phpied.com.",
"legitimate_use": "XHR requests are commonly used in legitimate extensions for tasks like fetching data from servers or making API calls.",
"concern": false
},
{
"title": "Uses Fetch API",
"severity": "info",
"user_explanation": "The extension uses the Fetch API to make requests to various domains, including its own servers and third-party services.",
"technical_detail": "The extension uses the Fetch API to make requests to fvdspeeddial.com, everhelper.pro, github.com, www.w3.org, qa.fvdspeeddial.com, tools.ietf.org, www.google.com, www.gnu.org, search.fvdspeeddial.com, www.google-analytics.com, developers.google.com, and www.phpied.com.",
"legitimate_use": "The Fetch API is commonly used in legitimate extensions for tasks like fetching data from servers or making API calls.",
"concern": false
},
{
"title": "Creates script elements dynamically",
"severity": "high",
"user_explanation": "The extension creates script elements dynamically, which can potentially inject malicious code into user pages.",
"technical_detail": "The extension uses the document.createElement method to create a script element in the file 'contentScript.js'. This could allow an attacker to inject malicious code into user pages or intercept sensitive information.",
"legitimate_use": "Creating script elements dynamically is commonly used in legitimate extensions for tasks like injecting scripts or updating page content.",
"concern": true
},
{
"title": "Reads browser storage",
"severity": "medium",
"user_explanation": "The extension reads data from the browser's storage, which could potentially allow it to access sensitive information.",
"technical_detail": "The extension uses the chrome.storage API to read data from the browser's storage in the file 'contentScript.js'. This could allow an attacker to access sensitive information or inject malicious code into user pages.",
"legitimate_use": "Reading data from browser storage is commonly used in legitimate extensions for tasks like storing and retrieving data.",
"concern": false
},
{
"title": "Stores data in browser storage",
"severity": "medium",
"user_explanation": "The extension stores data in the browser's storage, which could potentially allow it to access sensitive information or inject malicious code into user pages.",
"technical_detail": "The extension uses the chrome.storage API to store data in the browser's storage in the file 'contentScript.js'. This could allow an attacker to access sensitive information or inject malicious code into user pages.",
"legitimate_use": "Storing data in browser storage is commonly used in legitimate extensions for tasks like storing and retrieving data.",
"concern": false
},
{
"title": "Injects malicious content",
"severity": "high",
"user_explanation": "The extension injects malicious content into user pages, which could potentially allow an attacker to intercept sensitive information or inject malware.",
"technical_detail": "The extension uses the document.body.innerHTML property to inject HTML elements in the file 'contentScript.js'. This could allow an attacker to inject malicious code into user pages or intercept sensitive information.",
"legitimate_use": "Injecting content is commonly used in legitimate extensions for tasks like updating page content or injecting HTML elements.",
"concern": true
}
],
"verdict": "This extension has several security concerns, including the use of eval(), Function constructor, and innerHTML assignment. It also makes XHR requests to various domains, including its own servers and third-party services. The extension stores data in the browser's storage and injects malicious content into user pages. These issues could potentially allow an attacker to intercept sensitive information or inject malware."
}
Similar Extensions
More in Make Chrome Yours/accessibility →
360 Internet Protection
Dark mode for every website. Take care of your eyes, use dark theme for night and daily browsing.
Up to 600% volume boost