Quick Gmail
🔍 Security Report Available View on Chrome Web StoreChrome will indicate if you already have this installed.
Overview
Quick Gmail is a browser extension that provides fast and convenient access to multiple Gmail accounts directly from your toolbar. With just a click, you can view and open your inboxes without the hassle of logging in and out.
Key features:
- Access multiple Gmail accounts instantly
- Open inboxes with a single click
- Fully private and secure - only requires storage permission
- No data collection or external servers involved
This extension is perfect for users who manage multiple Gmail accounts and want to streamline their email workflow. It's designed with privacy in mind, operating solely within your browser and requiring minimal permissions.
Boost your productivity and simplify your email management with Quick Gmail. Open source and available on GitHub: https://github.com/SomaRe/quick_gmail_web_extention/
Tags
Privacy Practices
Security Analysis — Quick Gmail
Permissions
Code Patterns Detected
External Connections
Package Contents 12 files · 524KB
What This Extension Does
Quick Gmail is a browser extension that provides fast access to multiple Gmail accounts from your toolbar. It's designed for users who manage multiple Gmail accounts, aiming to streamline their email workflow while prioritizing privacy.
Permissions Explained
- storageexpected: This permission allows the extension to store data locally on your device.
Technical: The 'storage' permission grants access to Chrome's storage API, enabling the extension to save and retrieve data. This includes storing user credentials for Gmail accounts, which could be compromised if the extension is breached. - https://mail.google.com/*check this: This permission allows the extension to access Gmail's servers directly.
Technical: The 'https://mail.google.com/*' permission grants access to Chrome's webRequest API, enabling the extension to intercept and modify HTTP requests. This could be used for malicious purposes if exploited. ⚠ 1
Your Data
The extension accesses your Gmail accounts' data on Google's servers and stores it locally on your device, but only requires storage permission.
Technical Details
Code Findings
This finding indicates a potential security risk where the extension could be vulnerable to cross-site scripting (XSS) attacks.
Technical: The extension uses innerHTML assignment in its content script, which can lead to XSS vulnerabilities if user input is not properly sanitized. This is a common pattern in web development but requires careful handling to prevent exploitation.
💡 innerHTML assignment is often used for dynamic content injection in legitimate extensions.
This finding indicates that the extension uses a modern web API to make HTTP requests.
Technical: The extension utilizes the Fetch API for making HTTP requests, which is a secure and efficient way to interact with servers. This is a common pattern in modern web development.
💡 Fetch API is widely used in legitimate extensions for making HTTP requests.
This finding indicates that the extension sets up event listeners to respond to user interactions.
Technical: The extension uses event listeners to handle user interactions, which is a standard practice in web development. This allows the extension to respond to user actions and provide a seamless experience.
💡 Event listeners are commonly used in legitimate extensions for handling user interactions.
While Quick Gmail provides convenient access to multiple Gmail accounts, its permission scope exceeds what's necessary for the stated purpose. Users should exercise caution and consider the potential risks associated with granting broad permissions like 'https://mail.google.com/*'.
