Colorzilla
π Security Report Available View on Chrome Web StoreChrome will indicate if you already have this installed.
Overview
Advanced Eyedropper, Color Picker, Gradient Generator and other colorful goodies
Tags
Privacy Practices
β
Does not collect your data
β
Does not sell your data to third parties
β
Does not use data for unrelated purposes
Security Analysis
Permissions
Code Patterns Detected
External Connections
Package Contents 87 files Β· 1.1MB
βΎ_locales398KB
βΎcs17KB
messages.json17KB
βΎde17KB
messages.json17KB
βΎel20KB
messages.json20KB
βΎen16KB
messages.json16KB
βΎen_GB17KB
messages.json17KB
βΎes17KB
messages.json17KB
βΎes_41917KB
messages.json17KB
βΎfr17KB
messages.json17KB
βΎid17KB
messages.json17KB
βΎit17KB
messages.json17KB
βΎja18KB
messages.json18KB
βΎko17KB
messages.json17KB
βΎnl17KB
messages.json17KB
βΎpl17KB
messages.json17KB
βΎpt_BR17KB
messages.json17KB
βΎpt_PT17KB
messages.json17KB
βΎru19KB
messages.json19KB
βΎth20KB
messages.json20KB
βΎtr17KB
messages.json17KB
βΎuk19KB
messages.json19KB
βΎvi17KB
messages.json17KB
βΎzh_CN16KB
messages.json16KB
βΎzh_TW17KB
messages.json17KB
βΎ_metadata12KB
verified_contents.json12KB
βΎcss8KB
page.css2KB
popup.css7KB
βΎhtml15KB
about.html2KB
offscreen.html437B
options.html5KB
popup.html8KB
βΎimages50KB
βΎmaterial16KB
art_palette.svg981B
color.svg3KB
copy.svg742B
dropper.svg847B
examine.svg1KB
eyedropper-circle.svg428B
gear-black.svg1KB
gear.svg2KB
gradient_linear.svg2KB
help.svg1KB
history.svg1KB
speech_ballon.svg710B
update.svg645B
warning.svg675B
checkmark-icon.svg496B
close-button.png288B
collapse-button.png225B
drop-down-icon.png216B
icon-128.png17KB
icon-16.png851B
icon-48.png4KB
logo-v2-640.svg9KB
main-icon-19-dark.png544B
main-icon-19.png535B
selection-marker.gif1KB
βΎjs386KB
about.js1KB
background-combo.js27KB
browser-utils.js2KB
color-history.js1KB
content-script-combo.js158KBlarge
global-shortcut.js606B
new-feature-badge.js986B
offscreen.js949B
options.js5KB
palette-db.json160KB
popup.js21KB
utils.js7KB
βΎlib265KB
βΎjPicker122KB
βΎcss4KB
jPicker-1.1.6.min.css4KB
βΎimages80KB
AlphaBar.png2KB
Bars.png382B
Maps.png76KB
NoColor.png552B
bar-opacity.png134B
map-opacity.png139B
mappoint.gif93B
picker.gif146B
preview-opacity.png135B
rangearrows.gif76B
jPicker.css848B
jpicker-1.1.6.min.js37KB
chrome-promise.js4KB
jquery.js88KBlarge
underscore.js52KBlarge
EULA.html4KB
manifest.json984B
manifest.v2.json786B
manifest.v3.json918B
What This Extension Does
The ColorZilla extension appears to be a productivity tool for developers, offering advanced eyedropper, color picker, gradient generator, and other features.Permissions Explained
- tabs: Allows the extension to interact with web pages, which is standard for extensions that need to perform actions on specific websites.
- scripting: Enables the extension to execute scripts in the context of web pages, also common for extensions that need to manipulate page content or behavior.
- storage: Grants permission for the extension to store data locally, which is typical for extensions that need to remember user settings or cache data.
- offscreen: This permission is unusual and not clearly explained by the extension's description. It could be related to rendering off-screen elements or handling background tasks but requires further investigation.
- <all_urls>: Grants access to all URLs, which is a broad permission that allows the extension to interact with any web page, including those outside its intended functionality. This is unusual for an extension described as productivity/developer-focused.
What We Found in the Code
- The use of function constructors for dynamic code execution is flagged as high-risk. However, without more context, it's difficult to determine if this is a legitimate coding pattern or a potential security issue.
- innerHTML assignment is flagged as a medium-risk potential XSS vector. This could be a normal practice for UI rendering in certain contexts but warrants further investigation.
- The extension makes HTTP requests, which is a common and expected behavior for extensions that need to fetch data from external sources.
- Keyboard listeners are used, which could be for shortcuts or other legitimate purposes within the extension's UI.
External Connections
The extension communicates with several domains:- www.colorzilla.com, colorzilla.com: Expected for an extension that likely needs to communicate with its own website for updates, settings, or data.
- www.digitalmagicpro.com: Unusual and not clearly related to the extension's functionality. Further investigation is needed to understand this connection.
- johndyer.name, github.com, people.mozilla.org, en.wikipedia.org, docs.python.org, developer.mozilla.org, wiki.ecmascript.org: These domains appear to be external resources used for documentation, tutorials, or other non-security-related purposes.
Things to Consider
Given the extension's description and permissions, it seems that some of its declared permissions might be broader than necessary. The use of<all_urls> stands out as particularly concerning, given the extension's focus on developer productivity tools. Users may want to consider whether this level of access is justified for an extension described as "colorful goodies."Similar Extensions
More in Productivity/developer βCapture a screenshot of your current page in entirety and reliablyβwithout requesting any extra permissions!
λΈλΌμ°μ μμ λΌμ¨μνμ΄μ PC보μ κΈ°λ₯μ μ¬μ©νκΈ° μν νμ₯ νλ‘κ·Έλ¨μ
λλ€.
Adds React debugging tools to the Chrome Developer Tools.
Created from revision 3cde211b0c on 10/20/2025.
Identify web technologies