Zoom Chrome Extension

What This Extension Does

The Zoom Chrome Extension allows users to schedule Zoom meetings directly from Google Calendar, making it a productivity tool for those who use both services.

Permissions Explained

• storage and unlimitedStorage: These permissions allow the extension to store data locally on the user's device. While this is common for extensions that need to remember settings or cache data, unlimited storage may be unusual for an extension with 8 million users.
• https://www.google.com/calendar/*, https://calendar.google.com/calendar/*, https://*.zoom.us/*, and https://*.zoom.com/*: These permissions grant the extension access to specific domains related to Google Calendar and Zoom. This is expected, given the extension's purpose.

What We Found in the Code

• [high] Function constructor used — dynamic code execution: The use of function constructors can be a normal pattern for creating objects or functions dynamically. However, without more context, it's difficult to say whether this is being used maliciously.
• [medium] innerHTML assignment — potential XSS vector: This flag is likely due to the extension using innerHTML to render UI elements. While this can be a security risk if untrusted data is inserted into the DOM, it's also a common pattern for building dynamic UIs. Without more information about how the extension uses innerHTML, it's hard to say whether this is a genuine concern.
• [info] Makes HTTP requests: This is a normal behavior for extensions that need to communicate with external services or APIs.

External Connections

The extension communicates with the following domains:

• www.w3.org (expected, as it's a standard web development resource)
• calendar.google.com, zoom.us, and their subdomains (expected, given the extension's purpose)
• support.zoom.com and support.zoom.us (unexpected; these may be related to support or documentation resources)

Things to Consider

Based on the extension's name and description, it appears that the permissions granted are generally aligned with its intended functionality. However, the use of unlimited storage may raise concerns about data management and potential security risks.

It's also worth noting that the extension has a large user base (8 million users), which may increase the likelihood of security vulnerabilities or issues related to data storage. Users should carefully review the extension's permissions and consider whether they are comfortable with the level of access it grants.