Is "PassLok for Email" on Chrome Web Store Safe to Install?
TAKE PRIVACY INTO YOUR OWN HANDS Easy, end-to-end secure encryption for email, plus real-time chat, that does not rely on servers and is therefore immune to hacking or government intervention. Right now PassLok for Email supports Gmail, Yahoo mail and Outlook online. If you need any other emails right away, check out PassLok Universal, which is also more resistant to changes in the services. --PassLok for Email is incredibly easy to use-- To encrypt a message or file, just click the PassLok icon at the bottom of the Compose or Reply box. A popup will take your private message and encrypt it with the click of a button. Then you can send it out like any other message, or as an attachment. To decrypt it, click the PassLok icon at the top of the encrypted message. A popup will show the decrypted message or file immediately, or will tell you if there is any problem. PassLok asks you for your Password only once. It can be anything you want, so you can actually remember it. PassLok will evaluate its strength and compensate for its weakness by lengthening the computations. It won't be stored or sent anywhere, and PassLok will forget it after five minutes of inactivity. If you want to change your Password, go ahead and start using a new one when PassLok asks you for it. You may be asked for the old Password if PassLok can't decrypt something, but otherwise that's all you'll have to do. --Lots of power in a slender package-- You can use either of these two encryption modes, by just clicking a button: 1. Signed mode: encrypted messages can be decrypted again, so long as the recipients supply their authentic passwords. Recipients are also assured that the message was encrypted by the sender. 2. Read-once mode: after a few encrypted messages have been exchanged they can no longer be decrypted by anyone, even if they supply the correct passwords. In addition, you can make encrypted chat invitations which, when decrypted by the recipients, open a webRTC real-time chat session where participants are directly connected to one another. The chat session includes text, files, audio, and even video. PassLok for Email allows you to encrypt files and images as well. Just load them with a toolbar button. You can also encrypt them separately and load them as regular attachments. You can also communicate with users of services not supported by PassLok for Email. They can use PassLok Privacy (also in the Chrome store), which has a special mode fully compatible with PassLok for Email. For the very paranoid (and who isn't these days?), PassLok for Email includes four special features: 1. Encrypt to image: the message is encrypted into an image you supply and then attach to your email, so the presence of a hidden message cannot be detected even by computer analysis. 2. Concealed mode: the encrypted message does not look encrypted, but actually looks like normal text. PassLok still detects it and decrypts it normally, though. 3. Invisible mode: the encrypted material cannot be seen at all. It is hidden in the space between the lines of an otherwise normal message. 4. Hidden msg: there is a hidden message in addition to the regular message, and it is encrypted by a separate key. The hidden message is completely undetectable to those who don't know it exists. Images also can contain hidden messages. --State-of-the art security-- PassLok is based on the NaCl encryption engine, which uses 255-bit standard elliptic curves vetted against weaknesses by experts. On top of that, it uses the 256-bit XSalsa20 symmetric cipher, a high-performance, open source algorithm, which has been scrutinized by experts for nearly a decade without any practical weaknesses being found. The image-encryption part of PassLok, developed in-house but open-source, has recently been shown to be much harder to detect than F5, the champion steganography tool until now. PassLok does not use servers that might eventually compromise your private data. All encryption is done client-side. All data sent to the email server is encrypted, and they don't have the password that decrypts it. With PassLok, you can actually SEE that that your messages have been encrypted. You can also see the code. PassLok hides nothing from you. PassLok for Email is now in public beta testing. To report any bugs or suggest improvements, please submit them as "Issues" at this GitHub page: https://github.com/fruiz500/PassLok4email/issues
Risk Assessment
Analyzed273 security findings detected across all analyzers
Chrome extension requesting 10 permissions
Severity Breakdown
Finding Categories
YARA Rules Matched
9 rules(81 hits)Requested Permissions
10 permissionsAbout This Extension
Detailed Findings
82 totalYARA Rule Matches
9 rulesIndicators of Compromise
Network indicators, suspicious strings, and potential IoCs extracted during analysis
All Indicators · 159
detected IP: 4.2.10.2 XIOC detected IP: 4.2.10.2
extracted_from_files
detected Domain: result.name XIOC detected Domain: result.name
extracted_from_files
detected URL: https://mail.google.com/* XIOC detected URL: https://mail.google.com/*
extracted_from_files
detected URL: http://mail.google.com/* XIOC detected URL: http://mail.google.com/*
extracted_from_files
detected URL: https://google.com/* XIOC detected URL: https://google.com/*
extracted_from_files
detected URL: http://google.com/* XIOC detected URL: http://google.com/*
extracted_from_files
detected URL: http://*.mail.yahoo.com/* XIOC detected URL: http://*.mail.yahoo.com/*
extracted_from_files
detected URL: https://*.mail.yahoo.com/* XIOC detected URL: https://*.mail.yahoo.com/*
extracted_from_files
detected URL: http://*.live.com/* XIOC detected URL: http://*.live.com/*
extracted_from_files
detected URL: https://passlok.com/app XIOC detected URL: https://passlok.com/app
extracted_from_files
detected URL: https://xato.net/passwords/more-top-worst-passwords, XIOC detected URL: https://xato.net/passwords/more-top-worst-passwords,
extracted_from_files
detected URL: https://github.com/first20hours/google-10000-english. XIOC detected URL: https://github.com/first20hours/google-10000-english.
extracted_from_files
detected URL: https://github.com/fruiz500/passlok-stego XIOC detected URL: https://github.com/fruiz500/passlok-stego
extracted_from_files
detected URL: http://snippetrepo.com/snippets/bignum-base-conversion, XIOC detected URL: http://snippetrepo.com/snippets/bignum-base-conversion,
extracted_from_files
detected URL: http://www.irongeek.com/i.php?page=security/unicode-steganography-homoglyph-encoder, XIOC detected URL: http://www.irongeek.com/i.php?page=security/unicode-steganography-homoglyph-encoder,
extracted_from_files
detected URL: https://clients2.google.com/service/update2/crx XIOC detected URL: https://clients2.google.com/service/update2/crx
extracted_from_files
detected URL: https://github.com/sindresorhus/validate-element-name XIOC detected URL: https://github.com/sindresorhus/validate-element-name
extracted_from_files
detected URL: https://github.com/dchest/scrypt-async-js XIOC detected URL: https://github.com/dchest/scrypt-async-js
extracted_from_files
detected URL: https://github.com/fruiz500/PassLok4email XIOC detected URL: https://github.com/fruiz500/PassLok4email
extracted_from_files
detected URL: http://blog.streak.com/2012/11/how-to-detect-dom-changes-in-css.html XIOC detected URL: http://blog.streak.com/2012/11/how-to-detect-dom-changes-in-css.html
extracted_from_files
detected URL: http://davidwalsh.name/detect-node-insertion XIOC detected URL: http://davidwalsh.name/detect-node-insertion
extracted_from_files
detected URL: https://chrome.google.com/webstore/detail/passlok-for-email/ehakihemolfjgbbfhkbjgahppbhecclh XIOC detected URL: https://chrome.google.com/webstore/detail/passlok-for-email/ehakihemolfjgbbfhkbjgahppbhecclh
extracted_from_files
detected URL: https://addons.mozilla.org/en-US/firefox/addon/passlok-for-email/ XIOC detected URL: https://addons.mozilla.org/en-US/firefox/addon/passlok-for-email/
extracted_from_files
detected URL: http://www.w3.org/2000/svg'; XIOC detected URL: http://www.w3.org/2000/svg';
extracted_from_files
detected URL: http://www.w3.org/1999/xhtml'; XIOC detected URL: http://www.w3.org/1999/xhtml';
extracted_from_files
detected URL: https://www.w3.org/TR/xhtml1/normative.html#strict) XIOC detected URL: https://www.w3.org/TR/xhtml1/normative.html#strict)
extracted_from_files
detected URL: http://www.w3.org/1999/xhtml XIOC detected URL: http://www.w3.org/1999/xhtml
extracted_from_files
detected URL: https://html.spec.whatwg.org/multipage/dom.html#embedding-custom-non-visible-data-with-the-data-*-attributes) XIOC detected URL: https://html.spec.whatwg.org/multipage/dom.html#embedding-custom-non-visible-data-with-the-data-*-attributes)
extracted_from_files
detected URL: https://html.spec.whatwg.org/multipage/infrastructure.html#xml-compatible XIOC detected URL: https://html.spec.whatwg.org/multipage/infrastructure.html#xml-compatible
extracted_from_files
detected URL: http://www.w3.org/TR/xml/#d0e804) XIOC detected URL: http://www.w3.org/TR/xml/#d0e804)
extracted_from_files
detected URL: http://www.wtfpl.net/ XIOC detected URL: http://www.wtfpl.net/
extracted_from_files
detected URL: http://pieroxy.net/blog/pages/lz-string/testing.html XIOC detected URL: http://pieroxy.net/blog/pages/lz-string/testing.html
extracted_from_files
detected URL: http://tweetnacl.cr.yp.to/ XIOC detected URL: http://tweetnacl.cr.yp.to/
extracted_from_files
detected URL: https://github.com/floodyberry/poly1305-donna XIOC detected URL: https://github.com/floodyberry/poly1305-donna
extracted_from_files
detected URL: https://developer.mozilla.org/en-US/docs/Web/API/Node/nodeType XIOC detected URL: https://developer.mozilla.org/en-US/docs/Web/API/Node/nodeType
extracted_from_files
detected URL: http://w3c.github.io/webcomponents/spec/custom/#creating-and-passing-registries) XIOC detected URL: http://w3c.github.io/webcomponents/spec/custom/#creating-and-passing-registries)
extracted_from_files
detected URL: http://www.w3.org/1998/Math/MathML'; XIOC detected URL: http://www.w3.org/1998/Math/MathML';
extracted_from_files
detected URL: https://github.com/cure53/DOMPurify-- XIOC detected URL: https://github.com/cure53/DOMPurify--
extracted_from_files
detected URL: https://github.com/owencm/js-steg. XIOC detected URL: https://github.com/owencm/js-steg.
extracted_from_files
detected URL: https://github.com/rubycon/isaac.js-- XIOC detected URL: https://github.com/rubycon/isaac.js--
extracted_from_files
detected URL: http://burtleburtle.net/bob/rand/isaac.html XIOC detected URL: http://burtleburtle.net/bob/rand/isaac.html
extracted_from_files
detected URL: http://burtleburtle.net/bob/rand/isaacafa.html XIOC detected URL: http://burtleburtle.net/bob/rand/isaacafa.html
extracted_from_files
detected URL: https://github.com/owencm/js-steg XIOC detected URL: https://github.com/owencm/js-steg
extracted_from_files
detected URL: http://www.apache.org/licenses/LICENSE-2.0 XIOC detected URL: http://www.apache.org/licenses/LICENSE-2.0
extracted_from_files
detected URL: https://prgomez.com/passlok4emailcurrent/ XIOC detected URL: https://prgomez.com/passlok4emailcurrent/
extracted_from_files
detected URL: http://hash.online-convert.com/sha256-generator XIOC detected URL: http://hash.online-convert.com/sha256-generator
extracted_from_files
detected URL: https://github.com/dchest/tweetnacl-js-- XIOC detected URL: https://github.com/dchest/tweetnacl-js--
extracted_from_files
detected Domain: html.spec.whatwg.org XIOC detected Domain: html.spec.whatwg.org
extracted_from_files
detected URL: https://github.com/dchest/scrypt-async-js-- XIOC detected URL: https://github.com/dchest/scrypt-async-js--
extracted_from_files
detected URL: https://github.com/pieroxy/lz-string-- XIOC detected URL: https://github.com/pieroxy/lz-string--
extracted_from_files
detected URL: https://defuse.ca/checksums.htm XIOC detected URL: https://defuse.ca/checksums.htm
extracted_from_files
detected URL: https://passlok.com XIOC detected URL: https://passlok.com
extracted_from_files
detected URL: https://gmailcrypt.weebly.com/get-passlok.html XIOC detected URL: https://gmailcrypt.weebly.com/get-passlok.html
extracted_from_files
detected URL: https://clients2.google.com/service/update2/crx?response=redirect&prodversion=49.0&x=id%3Dehakihemolfjgbbfhkbjgahppbhecclh%26installsource%3Dondemand%26uc XIOC detected URL: https://clients2.google.com/service/update2/crx?response=redirect&prodversion=49.0&x=id%3Dehakihemolfjgbbfhkbjgahppbhecclh%26installsource%3Dondemand%26uc
extracted_from_files
detected URL: https://www.bitser.org/checksum-calculator-windows-7-freeware.shtml XIOC detected URL: https://www.bitser.org/checksum-calculator-windows-7-freeware.shtml
extracted_from_files
detected URL: https://hash.online-convert.com/sha256-generator XIOC detected URL: https://hash.online-convert.com/sha256-generator
extracted_from_files
detected URL: https://www.youtube.com/watch?v=xgkeZRJnv4o XIOC detected URL: https://www.youtube.com/watch?v=xgkeZRJnv4o
extracted_from_files
detected URL: https://www.youtube.com/watch?v=H1LfZyCxB9o XIOC detected URL: https://www.youtube.com/watch?v=H1LfZyCxB9o
extracted_from_files
detected URL: https://www.youtube.com/watch?v=oFCrETTwySw XIOC detected URL: https://www.youtube.com/watch?v=oFCrETTwySw
extracted_from_files
detected URL: https://chrome-extension-downloader.com/ XIOC detected URL: https://chrome-extension-downloader.com/
extracted_from_files
detected URL: https://www.youtube.com/watch?v=S9sK4V0tUe0 XIOC detected URL: https://www.youtube.com/watch?v=S9sK4V0tUe0
extracted_from_files
detected URL: https://www.youtube.com/watch?v=5YY6-tNJe94 XIOC detected URL: https://www.youtube.com/watch?v=5YY6-tNJe94
extracted_from_files
detected URL: https://www.youtube.com/watch?v=t8WnayDPVYk XIOC detected URL: https://www.youtube.com/watch?v=t8WnayDPVYk
extracted_from_files
detected URL: https://www.youtube.com/watch?v=B--WbQ8ubhg XIOC detected URL: https://www.youtube.com/watch?v=B--WbQ8ubhg
extracted_from_files
detected URL: https://www.youtube.com/watch?v=zk_qrAX7_G8 XIOC detected URL: https://www.youtube.com/watch?v=zk_qrAX7_G8
extracted_from_files
detected URL: http://www.7-zip.org/ XIOC detected URL: http://www.7-zip.org/
extracted_from_files
detected URL: http://www.kekaosx.com/ XIOC detected URL: http://www.kekaosx.com/
extracted_from_files
detected URL: https://wiki.archlinux.org/index.php/p7zip XIOC detected URL: https://wiki.archlinux.org/index.php/p7zip
extracted_from_files
detected URL: https://kyberlock.com/app XIOC detected URL: https://kyberlock.com/app
extracted_from_files
detected URL: https://www.youtube.com/watch?v=KiiX9hg4PrQ XIOC detected URL: https://www.youtube.com/watch?v=KiiX9hg4PrQ
extracted_from_files
detected URL: https://www.youtube.com/watch?v=FH2qN5TUdSk XIOC detected URL: https://www.youtube.com/watch?v=FH2qN5TUdSk
extracted_from_files
detected URL: https://passlok.com/human XIOC detected URL: https://passlok.com/human
extracted_from_files
detected URL: https://www.youtube.com/watch?v=aomKUA4PcAI XIOC detected URL: https://www.youtube.com/watch?v=aomKUA4PcAI
extracted_from_files
detected URL: https://*.live.com/* XIOC detected URL: https://*.live.com/*
extracted_from_files
detected URL: https://play.google.com/store/apps/details?id=com.fruiz500.passlok XIOC detected URL: https://play.google.com/store/apps/details?id=com.fruiz500.passlok
extracted_from_files
detected URL: https://addons.mozilla.org/en-US/firefox/addon/fusionkey/ XIOC detected URL: https://addons.mozilla.org/en-US/firefox/addon/fusionkey/
extracted_from_files
detected URL: https://passlok.com/files/passlok4email_technical_document.pdf XIOC detected URL: https://passlok.com/files/passlok4email_technical_document.pdf
extracted_from_files
detected URL: http://www.gnu.org/philosophy/why-not-lgpl.html XIOC detected URL: http://www.gnu.org/philosophy/why-not-lgpl.html
extracted_from_files
detected URL: https://passlok.com/chat/chat.html#' XIOC detected URL: https://passlok.com/chat/chat.html#'
extracted_from_files
detected URL: https://chrome.google.com/webstore/detail/passlok-universal/lbmlbnfgnbfppkfijbbpnecpglockled XIOC detected URL: https://chrome.google.com/webstore/detail/passlok-universal/lbmlbnfgnbfppkfijbbpnecpglockled
extracted_from_files
detected URL: https://addons.mozilla.org/en-US/firefox/addon/passlok-universal/ XIOC detected URL: https://addons.mozilla.org/en-US/firefox/addon/passlok-universal/
extracted_from_files
detected URL: https://chrome.google.com/webstore/detail/fusionkey/legnppmlegkibpinfjodjbejohblaaam XIOC detected URL: https://chrome.google.com/webstore/detail/fusionkey/legnppmlegkibpinfjodjbejohblaaam
extracted_from_files
detected Domain: mail.google.com XIOC detected Domain: mail.google.com
extracted_from_files
detected Domain: google.com XIOC detected Domain: google.com
extracted_from_files
detected Domain: mail.yahoo.com XIOC detected Domain: mail.yahoo.com
extracted_from_files
detected Domain: live.com XIOC detected Domain: live.com
extracted_from_files
detected URL: http://fsf.org/ XIOC detected URL: http://fsf.org/
extracted_from_files
detected URL: http://www.gnu.org/licenses/ XIOC detected URL: http://www.gnu.org/licenses/
extracted_from_files
detected Domain: outnode.id XIOC detected Domain: outnode.id
extracted_from_files
detected Domain: filelink.download XIOC detected Domain: filelink.download
extracted_from_files
detected Domain: xato.net XIOC detected Domain: xato.net
extracted_from_files
detected Domain: snippetrepo.com XIOC detected Domain: snippetrepo.com
extracted_from_files
detected Domain: date.now XIOC detected Domain: date.now
extracted_from_files
detected Domain: filetoload.name XIOC detected Domain: filetoload.name
extracted_from_files
detected Domain: www.irongeek.com XIOC detected Domain: www.irongeek.com
extracted_from_files
detected Domain: chrome.storage XIOC detected Domain: chrome.storage
extracted_from_files
detected Domain: activetab.id XIOC detected Domain: activetab.id
extracted_from_files
detected Domain: blog.streak.com XIOC detected Domain: blog.streak.com
extracted_from_files
detected Domain: davidwalsh.name XIOC detected Domain: davidwalsh.name
extracted_from_files
detected Domain: yahoo.com XIOC detected Domain: yahoo.com
extracted_from_files
detected Domain: array.prototype.foreach.call XIOC detected Domain: array.prototype.foreach.call
extracted_from_files
detected Domain: bodydiv.id XIOC detected Domain: bodydiv.id
extracted_from_files
detected Domain: nodefilter.show XIOC detected Domain: nodefilter.show
extracted_from_files
detected Domain: hook.call XIOC detected Domain: hook.call
extracted_from_files
detected Domain: currentnode.data XIOC detected Domain: currentnode.data
extracted_from_files
detected Domain: createdocumentfragment.call XIOC detected Domain: createdocumentfragment.call
extracted_from_files
detected Domain: importnode.call XIOC detected Domain: importnode.call
extracted_from_files
detected Domain: body.ownerdocument.doctype.name XIOC detected Domain: body.ownerdocument.doctype.name
extracted_from_files
detected Domain: purify.js.map XIOC detected Domain: purify.js.map
extracted_from_files
detected Domain: w3c.github.io XIOC detected Domain: w3c.github.io
extracted_from_files
detected Domain: www.w3.org XIOC detected Domain: www.w3.org
extracted_from_files
detected URL: https://chrome.google.com/webstore/detail/passlok-privacy/epcchpdljafmfegifkigklfcmkphfmbh XIOC detected URL: https://chrome.google.com/webstore/detail/passlok-privacy/epcchpdljafmfegifkigklfcmkphfmbh
extracted_from_files
detected Domain: cfg.safe XIOC detected Domain: cfg.safe
extracted_from_files
detected Domain: cfg.in XIOC detected Domain: cfg.in
extracted_from_files
detected Domain: getelementsbytagname.call XIOC detected Domain: getelementsbytagname.call
extracted_from_files
detected Domain: createnodeiterator.call XIOC detected Domain: createnodeiterator.call
extracted_from_files
detected Domain: tweetnacl.cr.yp.to XIOC detected Domain: tweetnacl.cr.yp.to
extracted_from_files
detected Domain: nacl.secretbox.open XIOC detected Domain: nacl.secretbox.open
extracted_from_files
detected Domain: nacl.box XIOC detected Domain: nacl.box
extracted_from_files
detected Domain: nacl.box.open XIOC detected Domain: nacl.box.open
extracted_from_files
detected Domain: nacl.sign.open XIOC detected Domain: nacl.sign.open
extracted_from_files
detected Domain: array.prototype.slice.call XIOC detected Domain: array.prototype.slice.call
extracted_from_files
detected Domain: developer.mozilla.org XIOC detected Domain: developer.mozilla.org
extracted_from_files
detected Domain: imagedata.data XIOC detected Domain: imagedata.data
extracted_from_files
detected Domain: www.bytestrom.eu XIOC detected Domain: www.bytestrom.eu
extracted_from_files
detected Domain: www.owencampbellmoore.com XIOC detected Domain: www.owencampbellmoore.com
extracted_from_files
detected Domain: image.data XIOC detected Domain: image.data
extracted_from_files
detected Domain: www.wtfpl.net XIOC detected Domain: www.wtfpl.net
extracted_from_files
detected Domain: pieroxy.net XIOC detected Domain: pieroxy.net
extracted_from_files
detected Domain: object.prototype.hasownproperty.call XIOC detected Domain: object.prototype.hasownproperty.call
extracted_from_files
detected Domain: gomez.com XIOC detected Domain: gomez.com
extracted_from_files
detected Domain: jitsi.org XIOC detected Domain: jitsi.org
extracted_from_files
detected Domain: jit.si XIOC detected Domain: jit.si
extracted_from_files
detected Domain: burtleburtle.net XIOC detected Domain: burtleburtle.net
extracted_from_files
detected Domain: www.apache.org XIOC detected Domain: www.apache.org
extracted_from_files
detected Domain: frame.progressive XIOC detected Domain: frame.progressive
extracted_from_files
detected Domain: xhr.open XIOC detected Domain: xhr.open
extracted_from_files
detected Domain: chrome-extension-downloader.com XIOC detected Domain: chrome-extension-downloader.com
extracted_from_files
detected Domain: clients2.google.com XIOC detected Domain: clients2.google.com
extracted_from_files
detected Domain: www.bitser.org XIOC detected Domain: www.bitser.org
extracted_from_files
detected Domain: hash.online-convert.com XIOC detected Domain: hash.online-convert.com
extracted_from_files
detected Domain: defuse.ca XIOC detected Domain: defuse.ca
extracted_from_files
detected Domain: gmailcrypt.weebly.com XIOC detected Domain: gmailcrypt.weebly.com
extracted_from_files
detected Domain: prgomez.com XIOC detected Domain: prgomez.com
extracted_from_files
detected Domain: github.com XIOC detected Domain: github.com
extracted_from_files
detected Domain: www.youtube.com XIOC detected Domain: www.youtube.com
extracted_from_files
detected Domain: play.google.com XIOC detected Domain: play.google.com
extracted_from_files
detected Domain: kyberlock.com XIOC detected Domain: kyberlock.com
extracted_from_files
detected Domain: www.7-zip.org XIOC detected Domain: www.7-zip.org
extracted_from_files
detected Domain: www.kekaosx.com XIOC detected Domain: www.kekaosx.com
extracted_from_files
detected Domain: wiki.archlinux.org XIOC detected Domain: wiki.archlinux.org
extracted_from_files
detected Domain: fsf.org XIOC detected Domain: fsf.org
extracted_from_files
detected Domain: www.gnu.org XIOC detected Domain: www.gnu.org
extracted_from_files
detected Domain: chrome.google.com XIOC detected Domain: chrome.google.com
extracted_from_files
detected Domain: addons.mozilla.org XIOC detected Domain: addons.mozilla.org
extracted_from_files
detected Domain: passlok.com XIOC detected Domain: passlok.com
extracted_from_files
detected Domain: sender.tab XIOC detected Domain: sender.tab
extracted_from_files
detected URL: https://github.com/dchest/ed2curve-js-- XIOC detected URL: https://github.com/dchest/ed2curve-js--
extracted_from_files
Security Analysis Summary
Security Analysis Overview
PassLok for Email is a Chrome Web Store extension published by [email protected]. Version 1.0 has been analyzed by the Risky Plugins security platform, receiving a risk score of 50.46/100 (MEDIUM risk) based on 273 security findings.
Risk Assessment
This extension presents moderate security risk. Several findings were detected that may warrant attention. Users should carefully review the permissions and findings before installation.
Findings Breakdown
- High: 81 finding(s)
- Medium: 192 finding(s)
What Was Analyzed
The security assessment covers multiple analysis categories:
- Malware Detection: YARA rule matching against 2,400+ malware signatures
- Secret Detection: Scanning for exposed API keys, tokens, and credentials
- Static Analysis: Code-level security analysis for common vulnerability patterns
- Network Analysis: Detection of suspicious network communications and endpoints
- Obfuscation Detection: Identification of code obfuscation techniques
Developer Information
PassLok for Email is published by [email protected] on the Chrome Web Store marketplace. The extension has approximately 412 users.
Recommendation
Exercise caution with this extension. Review the detailed findings and ensure the requested permissions align with the extension's stated functionality before installation.
Source Code Not Available
Source code is not available for this version of the extension.
Frequently Asked Questions
Similar Extensions
Related extensions from the same publisher or marketplace