Stacker - Falling blocks!
Overview
A fun arcade game that plays in a popup. Stack falling tetra blocks without hitting the ceiling!
Privacy Practices
- Does not collect your data
- Does not sell your data to third parties
- Does not use data for unrelated purposes
Security Analysis
Package Contents: 25 files · 6.4MB
- _metadata (4KB)
  - verified_contents.json (4KB)
- assets (33KB)
  - pause.png (2KB)
  - play.png (3KB)
  - restart.png (18KB)
  - settings.png (10KB)
- icons (6.3MB)
  - icon.png (9KB)
  - icon128.png (1010B)
  - icon16.png (710B)
  - icon24.png (737B)
  - icon256.png (1KB)
  - icon32.png (707B)
  - icon48.png (726B)
  - icon_old.png (6.2MB)
  - icon_old128.png (8KB)
  - icon_old16.png (8KB)
  - icon_old24.png (8KB)
  - icon_old256.png (8KB)
  - icon_old32.png (8KB)
  - icon_old48.png (8KB)
- background-bundle.js (11KB)
- index.html (2KB)
- main-bundle.js (23KB)
- manifest.json (1KB)
- style.css (2KB)
- style.scss (3KB)
What This Extension Does
Stacker - Falling blocks! is a Chrome extension categorized as a game, which plays in a popup. It allows users to stack falling tetra blocks without hitting the ceiling.
Permissions Explained
- storage: This permission allows the extension to store and retrieve data locally on the user's device. For a game like Stacker, this is likely used to save progress or settings.
What We Found in the Code
- [medium] innerHTML assignment - potential XSS vector: The extension uses innerHTML to update its UI. While this can be a legitimate way to render dynamic content, it does introduce some risk if untrusted data is used. However, without more context, it's difficult to say whether this is an issue.
- [info] Makes HTTP requests: The extension makes external requests, which could be for API calls or other purposes. This is a normal part of many extensions and web applications.
- [high] Listens to keyboard events: The extension listens for keyboard events, which might be used for shortcuts or other interactive features. However, this could also be an unusual pattern if it's not necessary for the game's functionality.
External Connections
- www.google-analytics.com: This is likely used for analytics tracking to understand user behavior and improve the extension.
- k-ext.pages.dev, k-ext-ads.netlify.app: These domains are less clear but might be related to advertising or other monetization strategies. Their presence could raise questions about data collection and privacy.
- forms.gle: This is a Google Forms link, which might be used for user feedback or surveys.
Things to Consider
- The extension's permissions seem generally aligned with its purpose as a game that requires storage for progress and possibly external resources for functionality. However, the use of keyboard listeners without more context could raise questions about how it interacts with the user.
- Users should consider whether they are comfortable with the potential data collection implied by the external domains referenced, especially if these are related to advertising or analytics.
- The lack of a Content Security Policy (CSP) might make the extension more vulnerable to certain types of attacks. However, this is not unique to Stacker and is a common oversight in many extensions.