Reading List Chrome extension icon

Reading List

🔍 Security Report Available
👥 40K+ users
📦 v3.0.1
💾 29.1KiB
📅 2024-10-24
View on Chrome Web Store

Chrome will indicate if you already have this installed.

Overview

This reading list extension allows you to save pages in a list to get back to later. It’s super slick and easy to use, and it helps keep your tab count down.

How to use it?

1. Go to a page you want to save for later
2. Click the reading list icon on the top right of your browser Chrome Reading List icon
3. Click the + button
4. When you want to read a page you saved, open up the extension and click the reading item you want to read (control + click or command ⌘/windows key ⊞ + click to open the page in a new tab)
5. Done with a page? Click the × next to said page in your reading list, and it will magically vanish.

Tags

Productivity/tools productivity/tools

Privacy Practices

Not being sold to third parties, outside of the approved use cases
Not being used or transferred for purposes that are unrelated to the item's core functionality
Not being used or transferred to determine creditworthiness or for lending purposes
v3.0.1 Critical Scanned Feb 24, 2026

Security Analysis — Reading List

Analyzed v3.0.1 · Feb 24, 2026 · 1 JS files · 27 KB scanned

Permissions

tabs storage

Code Patterns Detected

innerHTML assignment — potential XSS vector

External Connections

icons.duckduckgo.com

What This Extension Does

The Reading List extension allows users to save web pages for later reading, helping manage browser tabs and organize content. It is designed for productivity and ease of use, targeting individuals who frequently browse the web and want a simple way to revisit articles or resources. With over 40,000 users, it's a lightweight tool that integrates directly into Chrome’s interface.

Permissions Explained

  • tabsexpected: This permission lets the extension access information about your open browser tabs and interact with them — for example, reading the current page URL or closing tabs.
    Technical: The extension uses the Chrome Tabs API to retrieve tab data such as URLs and titles. If compromised, this could allow an attacker to monitor browsing activity or manipulate tabs.
  • storageexpected: This permission allows the extension to save and retrieve user data locally — like your reading list items — so they persist between browser sessions.
    Technical: Uses Chrome's Storage API (likely chrome.storage.local) for persistent data. If misused, it could expose sensitive or personal information stored by the extension.

Your Data

The extension accesses local storage to save your reading list items but does not appear to send any data externally. It only contacts a single external domain for icon loading, which is typical for UI elements.

Technical Details

Network activity includes a request to icons.duckduckgo.com (HTTP). No encryption or secure protocol specified; no cookies, tokens, keystrokes, or page content are transmitted. Data stored locally via chrome.storage.

Code Findings

InnerHTML Assignment — Potential XSS VulnerabilityMedium

The extension may be vulnerable to cross-site scripting (XSS) if it injects untrusted content into the page using innerHTML. This could allow attackers to run malicious scripts in your browser.

Technical: A medium-severity issue was identified involving direct assignment of user-provided data to an element's innerHTML property, which can lead to XSS if not sanitized properly. The risk is present in one JavaScript file (27 KB), though no specific exploit path has been confirmed.

💡 Many extensions use innerHTML for dynamic UI updates; however, it should always be paired with sanitization when handling user input or external data.

Bottom Line

The Reading List extension appears to function as described and uses permissions appropriately. However, a potential XSS vulnerability in its JavaScript code raises concerns about how user-provided content is handled. Users should be cautious if they frequently add links with unknown or untrusted sources. For most users, the risk remains low but warrants attention.

Similar Extensions

More in Productivity/tools →
Easy-to-use PDF tools to view, edit, convert, fill, e-sign PDF files, and more in your browser.
Productivity/tools AI

Zotero Connector

7M+ users
Save references to Zotero from your web browser
Productivity/tools
Browsec VPN is a Chrome VPN extension that protects your IP from Internet threats and lets you browse privately for free…
Productivity/tools