This extension shows critical risk indicators. It requests highly sensitive permissions combined with suspicious code patterns. Proceed with extreme caution.
Based on 6 permissions including high-risk ones, 20 code findings, 2 dangerous combinations.
Extension tracks open tabs and communicates with external servers — potential browsing surveillance.
Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.
This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.
Resolved from __MSG_* i18n placeholders:
Name: Google Input Tools
Description: Input Tools lets you type in the language of your choice.
JavaScript files are accessible to ALL websites. Any page can load and interact with these scripts, enabling web→extension attacks.
Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.
3 indicators of compromise found