迅雷下载支持 (Xunlei Download Support)

🔍 Security Report Available
👥 45M+ users
📦 v3.52.14
💾 266KiB
📅 2025-10-29

Overview

Xunlei download support

Tags

Productivity/workflow

Privacy Practices

✅ Does not sell your data to third parties
✅ Does not use data for unrelated purposes

Security Analysis

Analyzed v3.52.14 · Feb 21, 2026 · 14 JS files · 350 KB scanned

Permissions

contextMenus cookies tabs webRequest downloads nativeMessaging storage scripting notifications

Code Patterns Detected

  • innerHTML assignment — potential XSS vector
  • Makes HTTP requests
  • Listens to keyboard events
  • Potential data exfiltration pattern

External Connections

down.sandai.net mac.xunlei.com www.xunlei.com www.w3.org api-shoulei-ssl.xunlei.com static-xl.a.88cdn.com jsq.xunlei.com sl-m-ssl.xunlei.com misc-xl9-ssl.xunlei.com github.com

What This Extension Does

The "迅雷下载支持" (Xunlei Download Support) extension appears to be designed for users who want to download files from various websites, possibly with the help of Xunlei's services. Its category as a productivity/workflow tool suggests it aims to streamline file downloads.

Permissions Explained

  • contextMenus: Allows the extension to create custom context menus in the browser.
  • cookies: Enables the extension to read and modify cookies on visited websites.
  • tabs: Grants access to tab management, allowing the extension to interact with open tabs.
  • webRequest: Provides the ability to intercept and manipulate web requests made by the browser.
  • downloads: Allows the extension to manage downloads initiated by the user or programmatically.
  • nativeMessaging: Enables communication between the extension and native applications on the system.
  • storage: Grants access to local storage, allowing the extension to store data persistently.
  • scripting: Provides the ability to inject scripts into web pages.
  • notifications: Allows the extension to display notifications to the user.
  • <all_urls>: A broad permission that allows the extension to access all websites visited by the user.
  • http://*/* and https://*/*: These permissions are subsets of <all_urls>, specifically allowing access to HTTP and HTTPS sites, respectively.

What We Found in the Code

  • [medium] innerHTML assignment — potential XSS vector: This flag is likely a normal coding pattern for UI rendering. Extensions often use innerHTML to dynamically update content within their UI elements. However, it's worth noting that using innerHTML with untrusted data can be a security risk if not properly sanitized.
  • [info] Makes HTTP requests: This is a common behavior for extensions that need to communicate with external services or APIs. It doesn't necessarily indicate an issue unless the extension is making requests to unauthorized domains or handling user input in a way that could lead to security vulnerabilities.
  • [high] Listens to keyboard events: Keyboard listeners are often used by extensions for shortcuts or other interactive features within their UI. This flag might be raised due to its potential for misuse, but without more context, it's hard to say if this is an issue.
  • [medium] Potential data exfiltration pattern: This could refer to several patterns in the code that suggest the extension might be sending data out of the browser. Without specific details on what data and where it's being sent, it's difficult to assess the risk.

External Connections


The extension communicates with the following domains:
  • down.sandai.net
  • mac.xunlei.com
  • www.xunlei.com
  • www.w3.org (likely for standardization or compatibility reasons)
  • api-shoulei-ssl.xunlei.com
  • static-xl.a.88cdn.com
  • jsq.xunlei.com
  • sl-m-ssl.xunlei.com
  • misc-xl9-ssl.xunlei.com
  • github.com (which could be for open-source code hosting or other legitimate purposes)
These connections seem to be related to the extension's functionality, possibly for downloading files or integrating with Xunlei services.

Things to Consider

  • This extension has access to a wide range of permissions, including <all_urls>, which means it can read all website data. Users should consider whether they trust this level of access.
  • The use of nativeMessaging and the broad permissions could indicate that the extension is designed for more than just basic productivity tasks, potentially involving system-level interactions or data collection.
  • The large user base (45 million) suggests a high level of adoption, which can be both a positive indicator of trustworthiness and a negative one if users are unaware of potential risks.