iCloud PasswordsSecurity Analysis

Chromev3.2.0MV3February 18, 2026 at 11:38 AM

Use with caution

This extension requests significant permissions. It has 6M+ users, a 4.4 star rating, but review the findings below.

5.4MEDIUM

5.4 MEDIUMRaw: 6.7

This extension shows some risk signals that are common in legitimate extensions but worth reviewing. Check the details below.

Based on 8 permissions including high-risk ones, 20 code findings, 1 dangerous combination.

Trust Signals(4.5/10)

Users

6.0M

Rating

4.4(2K reviews)

Dangerous Combinations(1)

CRITICALAll-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls>+keylogger_pattern

Permissions

8.5/10

Code

4.3/10

Combinations

10.0/10

Manifest/CSP

4.3/10

Permissions(8 analyzed)

Code Findings(12 patterns, 20 total)

Content Security Policy

No CSP Defined(1 issue)

MEDIUM

N/ANo CSP defined

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Manifest Analysis(2 findings)

Resolved from __MSG_* i18n placeholders:

Name: iCloud Passwords

Description: iCloud Passwords lets you fill passwords from iCloud Keychain when signing in to websites using Chrome.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

MEDIUM

content_scriptsContent script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

External Domains(3)

discord.comsupport.apple.comwww.apple.com

Indicators of Compromise

75 indicators of compromise found

File Statistics

67

Total Files

5

JS Files

1.0 MB

Total Size

Other Scanned Extensions

Obsidian Web Clipper

Save Image As...

Image downloader - Imageye

uBlock Origin Lite