ExtSafe

Google Keep Chrome ExtensionSecurity Analysis

Chromev4.26111.988.1MV3March 16, 2026 at 06:53 PM
Use with caution

This extension requests significant permissions. It has 8M+ users, a 4.4 star rating, but review the findings below.

4.6MEDIUM
4.6 MEDIUMRaw: 5.8

This extension shows some risk signals that are common in legitimate extensions but worth reviewing. Check the details below.

Based on 10 permissions including high-risk ones, 66 code findings.

Trust Signals(5.5/10)

Users
8.0M
Rating
4.4(8K reviews)
Status
Featured
Permissions
7.5/10
Code
8.2/10
Combinations
0.0/10
Manifest/CSP
4.3/10

Permissions(10 analyzed)

Code Findings(16 patterns, 66 total)

Content Security Policy

CSP Present(1 issue)
LOW
object-srcobject-src not restricted

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Manifest Analysis(2 findings)

Resolved from __MSG_* i18n placeholders:

Name: Google Keep Chrome Extension

Description: Save to Google Keep in a single click!

HIGH
web_accessible_resourcesJS files exposed to web pages

JavaScript files are accessible to ALL websites. Any page can load and interact with these scripts, enabling web→extension attacks.

MEDIUM
web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

External Domains(16)

bugzil.lachromewebstore.google.comen.wikipedia.orggithub.comgogoo.glkeep.google.comkripken.github.ioplay.google.compubs.opengroup.orgserver.comtools.ietf.orgunicode.orgwebkit.orgwww.ietf.orgwww.khronos.org

Indicators of Compromise

37 indicators of compromise found

File Statistics

208
Total Files
96
JS Files
22.4 MB
Total Size

Other Scanned Extensions

Obsidian Web Clipper
4.8 MEDIUM
ProKeys
5.2 MEDIUM
Save Image As...
3.7 MEDIUM
Image downloader - Imageye
4.2 MEDIUM
uBlock Origin Lite
5.7 MEDIUM
Stream Cleaner
4.3 MEDIUM