πŸ“¦

Zoom Chrome Extension

πŸ” Security Report Available
πŸ‘₯ 8M+ users
πŸ“¦ v1.9.11
πŸ’Ύ 292KiB
πŸ“… 2026-02-10
βž• Add to Chrome

Lets you schedule Zoom meetings directly from Google Calendar, streamlining your meeting planning and saving time for busy professionals and teams.

Overview

Schedule Zoom meetings directly from Google Calendar

Tags

Productivity/workflow productivity/workflow

Privacy Practices

βœ… Does not sell your data to third parties
βœ… Does not use data for unrelated purposes

Security Analysis

Analyzed v1.9.11 Β· Feb 21, 2026 Β· 10 JS files Β· 529 KB scanned

Permissions

storage unlimitedStorage

Code Patterns Detected

Function constructor used β€” dynamic code execution innerHTML assignment β€” potential XSS vector Makes HTTP requests

External Connections

www.w3.org calendar.google.com zoom.us support.zoom.com www.zoommildev.com support.zoom.us

What This Extension Does

The Zoom Chrome Extension allows users to schedule Zoom meetings directly from Google Calendar, making it a productivity tool for those who use both services.

Permissions Explained

  • storage and unlimitedStorage: These permissions allow the extension to store data locally on the user's device. While this is common for extensions that need to remember settings or cache data, unlimited storage may be unusual for an extension with 8 million users.
  • https://www.google.com/calendar/*, https://calendar.google.com/calendar/*, https://*.zoom.us/*, and https://*.zoom.com/*: These permissions grant the extension access to specific domains related to Google Calendar and Zoom. This is expected, given the extension's purpose.

What We Found in the Code

  • [high] Function constructor used β€” dynamic code execution: The use of function constructors can be a normal pattern for creating objects or functions dynamically. However, without more context, it's difficult to say whether this is being used maliciously.
  • [medium] innerHTML assignment β€” potential XSS vector: This flag is likely due to the extension using innerHTML to render UI elements. While this can be a security risk if untrusted data is inserted into the DOM, it's also a common pattern for building dynamic UIs. Without more information about how the extension uses innerHTML, it's hard to say whether this is a genuine concern.
  • [info] Makes HTTP requests: This is a normal behavior for extensions that need to communicate with external services or APIs.

External Connections

The extension communicates with the following domains:
  • www.w3.org (expected, as it's a standard web development resource)
  • calendar.google.com, zoom.us, and their subdomains (expected, given the extension's purpose)
  • support.zoom.com and support.zoom.us (unexpected; these may be related to support or documentation resources)

Things to Consider

Based on the extension's name and description, it appears that the permissions granted are generally aligned with its intended functionality. However, the use of unlimited storage may raise concerns about data management and potential security risks.

It's also worth noting that the extension has a large user base (8 million users), which may increase the likelihood of security vulnerabilities or issues related to data storage. Users should carefully review the extension's permissions and consider whether they are comfortable with the level of access it grants.
πŸ“¦
Do more in Google Chrome with Adobe Acrobat PDF tools. View, fill, comment, sign, and try convert and compress tools.
Productivity/workflow
θΏ…ι›·δΈ‹θ½½ζ”―ζŒ
Productivity/workflow
πŸ“¦
Remove ads on YouTube and everywhere else you browse.
Productivity/workflow
πŸ“¦
Sign in to supported websites with your Microsoft work or school accounts on Windows and macOS platforms.
Productivity/workflow