Reading List
🔍 Security Report Available View on Chrome Web StoreChrome will indicate if you already have this installed.
Overview
This reading list extension allows you to save pages in a list to get back to later. It’s super slick and easy to use, and it helps keep your tab count down.
How to use it?
1. Go to a page you want to save for later
2. Click the reading list icon on the top right of your browser Chrome Reading List icon
3. Click the + button
4. When you want to read a page you saved, open up the extension and click the reading item you want to read (control + click or command ⌘/windows key ⊞ + click to open the page in a new tab)
5. Done with a page? Click the × next to said page in your reading list, and it will magically vanish.
Tags
Privacy Practices
Security Analysis — Reading List
Permissions
Code Patterns Detected
External Connections
What This Extension Does
The Reading List extension allows users to save web pages for later reading, helping manage browser tabs and organize content. It is designed for productivity and ease of use, targeting individuals who frequently browse the web and want a simple way to revisit articles or resources. With over 40,000 users, it's a lightweight tool that integrates directly into Chrome’s interface.
Permissions Explained
- tabsexpected: This permission lets the extension access information about your open browser tabs and interact with them — for example, reading the current page URL or closing tabs.
Technical: The extension uses the Chrome Tabs API to retrieve tab data such as URLs and titles. If compromised, this could allow an attacker to monitor browsing activity or manipulate tabs. - storageexpected: This permission allows the extension to save and retrieve user data locally — like your reading list items — so they persist between browser sessions.
Technical: Uses Chrome's Storage API (likely chrome.storage.local) for persistent data. If misused, it could expose sensitive or personal information stored by the extension.
Your Data
The extension accesses local storage to save your reading list items but does not appear to send any data externally. It only contacts a single external domain for icon loading, which is typical for UI elements.
Technical Details
Network activity includes a request to icons.duckduckgo.com (HTTP). No encryption or secure protocol specified; no cookies, tokens, keystrokes, or page content are transmitted. Data stored locally via chrome.storage.
Code Findings
The extension may be vulnerable to cross-site scripting (XSS) if it injects untrusted content into the page using innerHTML. This could allow attackers to run malicious scripts in your browser.
Technical: A medium-severity issue was identified involving direct assignment of user-provided data to an element's innerHTML property, which can lead to XSS if not sanitized properly. The risk is present in one JavaScript file (27 KB), though no specific exploit path has been confirmed.
💡 Many extensions use innerHTML for dynamic UI updates; however, it should always be paired with sanitization when handling user input or external data.
The Reading List extension appears to function as described and uses permissions appropriately. However, a potential XSS vulnerability in its JavaScript code raises concerns about how user-provided content is handled. Users should be cautious if they frequently add links with unknown or untrusted sources. For most users, the risk remains low but warrants attention.
