ExtSafe

Lightning AutofillSecurity Analysis

Chromev14.24.3MV3February 18, 2026 at 11:43 AM
Use with caution

This extension requests significant permissions. It has 500K+ users, a 2.0 star rating, but review the findings below.

4.6MEDIUM
4.6 MEDIUMRaw: 5.7

This extension shows some risk signals that are common in legitimate extensions but worth reviewing. Check the details below.

Based on 10 permissions including high-risk ones, 35 code findings.

Trust Signals(4.5/10)

Users
500K
Rating
2.0(2K reviews)
Status
Featured
Permissions
7.0/10
Code
8.5/10
Combinations
0.0/10
Manifest/CSP
4.3/10

Permissions(10 analyzed)

Code Findings(12 patterns, 35 total)

Content Security Policy

No CSP Defined(1 issue)
MEDIUM
N/ANo CSP defined

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Manifest Analysis(2 findings)

MEDIUM
web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

MEDIUM
content_scriptsContent script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

External Domains(14)

${ftaccounts.google.comai.lightningautofill.comapi.${xbilling.stripe.comdocs.${xdocs.google.comdocs.lightningautofill.comgithub.comlightningautofill.comsapi.${ftsupport.google.comwww.apache.orgwww.tohodo.com

Indicators of Compromise

8 indicators of compromise found

File Statistics

49
Total Files
13
JS Files
880.2 KB
Total Size

Other Scanned Extensions

Obsidian Web Clipper
4.8 MEDIUM
ProKeys
5.2 MEDIUM
Save Image As...
3.7 MEDIUM
Image downloader - Imageye
4.2 MEDIUM
uBlock Origin Lite
5.7 MEDIUM
Stream Cleaner
4.3 MEDIUM