Sweezy Cursors ★ Custom C
Overview
Sweezy Cursors - Sweet and Eazy custom cursors for Chrome browser.
Now with Animated Cursors! 🦋💟✨🧚🧃🌈🐸⭐🩹🧷
We have breathed even more life into our mouse cursors. And so much so that now they have become alive. They shimmer in colors, move, spin, dance, and most importantly give even more expression and positive emotions. Check out the brand new Animated cursors on our site.
Say goodbye to the mundane default mouse pointer. Elevate it to something more with Sweezy! 🙌 Let it inspire, uplift, and bring joy. We, the Sweezy team, are on a mission to revolutionize your mouse cursor experience!
🌎 On our site you can find tons of totally free cursors for all tastes, sorted by collections and lists. Some of what we have:
- Comics and Games pointers;
- Cartoons and Anime cursors;
- Memes and Cats;
- Cute cursors designs and much, much more...
✨ Just go and see for yourself, we update our site with cool things almost every day!
⬆️ If you still don't find something for you, you can always create your own unique cursor style with the Constructor feature as a custom arrow.
❗️ Please note that according to Google's rules, extensions cannot work on Chrome Web Store pages and internal pages of the Chrome browser, such as Home Page, Settings, Downloads, etc.
Also, the extension cannot customize the cursor on the browser Navigation Bar, such as Tabs Buttons, URL bar, Toolbar, etc.
In almost all other cases, your custom mouse will work.
We decided to create something more than just a set of custom cursors, something with soul and a pinch of love. 💕 We think about the design of our pointers and we make them as if for ourselves, so that every user is happy with the result.
Change your cursor to something special, stylish, something that can show your personality. It can be in the style of a character from your favorite animated series. Or maybe something cute in your favorite color. Or is it the car of your dreams - you choose!
No matter how old you are, school or office, life should be filled with joy and fun. And bright cursor themes are just a little that we can give you. Use our cursor changer - make yourself even happier!
Custom styles that will make you stylish. These aesthetic mouse arrows and mouse pointers will give your browser a unique look. Just try this! 💎
The most expensive things are free! 🤑 Yes, that's why our designs are free, anyone can customize their cursor simply, quickly, and completely free with our extension! Use it for fun, darlings!
Try awesome cursors for your browser today with Sweezy. And browse in a new way! ⭐️
Security Analysis — Sweezy Cursors ★ Custom C
Package Contents 76 files · 1.8MB
What This Extension Does
Sweezy Cursors is a lifestyle extension designed to replace the default mouse pointer with animated, custom designs to enhance user experience and express personality. It operates across all websites but is restricted by browser policy from modifying cursors on internal Chrome pages or navigation bars. While its primary function is cosmetic, security analysis reveals significant risks related to excessive permissions and code obfuscation.
Permissions Explained
- <all_urls> (expected): This permission allows the extension to run its code on every website you visit. This is necessary for it to detect your mouse movements and swap the cursor image, but it also means the extension has broad visibility into which sites you are visiting.
  Technical: Grants access to the chrome.webNavigation and chrome.contextMenus APIs across all origins. If compromised, an attacker could potentially monitor navigation history or inject content scripts globally. The attack surface is maximized as it bypasses same-origin policy restrictions for the extension's own logic.
- storage (expected): This allows the extension to save your cursor preferences and settings. This is essential for remembering which custom cursors you like without asking for permission every time.
  Technical: Accesses chrome.storage.sync and chrome.storage.local. Data is stored in encrypted local storage (unless synced). If compromised, an attacker could read saved cursor configurations or inject malicious data into the extension's state.
- scripting (expected): This permission enables the extension to run JavaScript code on web pages. This is required to intercept mouse events and swap cursor images dynamically.
  Technical: Allows injection of content scripts via chrome.scripting. While necessary for functionality, this grants the ability to read page DOM (if not strictly sandboxed) and execute arbitrary code in the context of every visited site.
Your Data
The extension communicates with its own servers for updates and analytics, as well as third-party services like GitHub (likely for asset hosting) and Google Analytics. It does not appear to send sensitive user data like passwords or browsing history to external parties based on the network log provided.
Technical Details
Code Findings
The extension uses a technique called 'Function constructor' to create code dynamically. This is often used to hide the real logic of the extension, making it very difficult for you or security experts to read and verify what the code actually does.
Technical: Pattern: new Function('code') found in background scripts. Risk vector: Obfuscation prevents static analysis. If the hidden code contains a backdoor or keylogger, it would be invisible to standard inspection tools. This is a common anti-debugging technique used by malware.
💡 Sometimes used for runtime code generation (e.g., building dynamic SQL queries) or minification, but rarely necessary for simple cursor swapping extensions.
The security analysis indicates the extension has the capability to capture keystrokes. While the developer claims it is for cursors, this permission level allows reading text from any input field on any website you visit.
Technical: Analysis of code behavior flags captureKeystrokes. This implies access to chrome.input or direct DOM event listeners on <input> and <textarea> elements. If the obfuscated code (charCodeAt) is used to parse typed characters, this confirms a keylogger implementation.
💡 Legitimate extensions like password managers use this to detect when you are typing a password to save it securely, but they must explicitly request this permission and usually only on specific sites. A cursor extension requesting this globally is highly suspicious.
The extension injects code into every website you visit, not just where it is needed. This increases the risk that a bug in the extension could crash other websites or accidentally leak data from sites you don't expect.
Technical: Manifest V3 content_scripts configured with host permissions <all_urls>. The CSP (script-src 'self') restricts inline scripts but does not prevent the injected content script from reading the page's DOM. This creates a large attack surface for XSS if the extension code is compromised.
💡 Required for extensions that need to modify the UI or listen to events globally, but best practice is to limit host permissions to specific domains when possible.
The extension sends data to Google Analytics. This helps the developers understand how many people use the extension, but it means your browsing habits are being tracked and associated with a Google account.
Technical: Network calls to www.google-analytics.com. Data sent typically includes user agent, referrer URL, and custom hit parameters defined in the GA configuration. Traffic is encrypted via TLS.
💡 Standard practice for open-source or commercial extensions to track adoption metrics.
Sweezy Cursors presents a significant security risk due to its combination of critical capabilities (keystroke capture) and high-risk obfuscation techniques (Function constructor), which are unnecessary for a simple cursor changer. While the extension is popular, users should be aware that it has the technical ability to record passwords and sensitive text input across all websites. We recommend avoiding this extension or using it only on non-sensitive sites if you must use it.