Dark Mode for ChromeSecurity Analysis

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

Listens for keyboard events, a common technique used by keyloggers.

Content script runs at document_start in ALL frames on ALL URLs. This gives the extension deep access to every page load, including iframes.

Uses XMLHttpRequest to make network calls.

Sends messages via Chrome runtime, could communicate with external services.

Line exceeds 5000 characters (entropy: 5.094716142814261)

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Extension uses tab tracking APIs (onUpdated/query) and communicates with external servers — potential browsing surveillance.

Reads or writes to localStorage, which may contain sensitive site data.

Sets innerHTML directly, which can lead to XSS if used with untrusted data.