LGTM

ID: dkekloblpdedbbephnkjefjbmngfgiol

Supported Languages

🇯🇵Japanese

Extension Info & Metadata

Status: Active
Version: 1.0
Size: 0.50 MB
Rating: 0.0/5
Reviews: 0
Users: 3
Type: Extension
Updated: Dec 16, 2023
Category: Developer tools
Price: Free
Featured: No
Visibility: Listed
Mature: No
By Google: No
Trusted: No

Publisher Contextual Analysis

Author: qinritukou
Country: JP
MX records exist: Yes
Domain exists: Yes
Is disposable: No
Is role-based: No
Mailbox exists: Yes
Address: 東みずほ台2-3-4 ノエル・パルティール406 富士見市, 埼玉県 354-0015 JP
Website: Visit
Total Extensions: 2
Active: 2
Obsolete: 0
Listed: 2
Unlisted: 0
Total Users: 4

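An extension for easily using LGTM images

LGTM made easy: why not LGTM with cute photos? Cats, dogs, and all sorts of other cute photos are added regularly. ------------------- This extension makes LGTM easy. It places an LGTM button on GitHub. When you press the button, a list of images is displayed, and selecting an image you like inserts an LGTM link into the comment field.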

Item | Type | Severity | Description
clipboardWrite | Permission | High | This permission allows modification of clipboard content. Rated High because it can inject malicious content into the clipboard, modify copied passwords, and manipulate copied data.

The entire UI of lgtm.html is delegated to a remotely-hosted Firebase page via an iframe. Because the content served at `https://lgtm-7854a.web.app/` is not bundled with the extension and is not verified at install time, the publisher (or anyone who compromises the Firebase project) can push new code — including phishing forms or credential-harvesting UI — that runs inside the extension popup without any CWS review. This is a textbook remote-code-loading pattern that MV3's script-eval CSP does not prevent for iframe-embedded pages.

lgtm.html (Line 1)
<!DOCTYPE html><html lang="en"><head></head><body>  <iframe frameBorder="0" width="660" height="500" src="https://lgtm-7854a.web.app/"></iframe></body></html>

By severity

Critical: 0
High: 1
Medium: 0
Low: 0

Versions scanned

None of the 1 scanned version has more than one unique code-review finding. Counts are unique findings that include each version.

Extension Version | Code Review Findings
No versions with multiple unique findings.

Files with findings

1 distinct path — top paths by unique finding count:

  • lgtm.html: 1

S.No. | Category | Severity | File | Summary | Found in Version
1 | Remote Code Loading | high | lgtm.html (line 1) | The entire UI of lgtm.html is delegated to a remotely-hosted Firebase page via an iframe. Because the content served at `https://lgtm-7854a.web.app/` is not bundled with the extension and is not verified at install ti…
URLs: 22
IPv4: 1
IPv6: 1

URLs

View the external URLs this extension communicates with to understand its network activity and data interactions.


1.2.3.4 | IPv4 | -
1:2:3:4:5:6:7:8 | IPv6 | -
Version | Size | Is Malicious | Findings | Permhash
1.0 (Latest) | 0.50 MB | Malicious | 1 |