ColorZilla Security Analysis

Chrome | v4.1 | MV3 | March 16, 2026 at 03:37 PM
Potentially unsafe

This extension shows concerning patterns that may indicate risky behavior. Proceed with caution.

6.1 HIGH (Raw: 7.6)

This extension shows significant risk signals. Review the findings below carefully before installing or continuing to use it.

Based on 5 permissions including high-risk ones, 36 code findings, 2 dangerous combinations.

Trust Signals (4.5/10)

Users: 4.0M
Rating: 3.5 (4K reviews)
Developer: Iosart Labs LLC
Status: Featured

Dangerous Combinations (2)

MEDIUM: Tab tracking API + external communication

Extension uses tab tracking APIs (onUpdated/query) and communicates with external servers — potential browsing surveillance.

tabs + tabs API usage + external network

CRITICAL: All-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls> + keylogger_pattern

Permissions: 7.0/10
Code: 8.6/10
Combinations: 10.0/10
Manifest/CSP: 3.1/10

Permissions (5 analyzed)

Code Findings (16 patterns, 36 total)

Libraries (4 detected)

4 libraries detected, 1 with known vulnerabilities

Content Security Policy

No CSP Defined (1 issue)

MEDIUM: No CSP defined (N/A)

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Manifest Analysis (1 finding)

Resolved from __MSG_* i18n placeholders:

Description: Advanced Eyedropper, Color Picker, Gradient Generator and other colorful goodies

MEDIUM: web_accessible_resources.matches: Overly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

External Domains (11)

colorzilla.com, docs.python.org, en.wikipedia.org, github.com, johndyer.name, people.mozilla.org, underscorejs.org, wiki.ecmascript.org, www.colorzilla.com, www.digitalmagicpro.com, www.iosart.com

Indicators of Compromise

16 indicators of compromise found

File Statistics

Total Files: 87
JS Files: 15
Total Size: 1.1 MB
