Extension Auditor
Extension Auditor
Sign Up
Blocdrive

Blocdrive

ID: acmkailckjgackliddhdencebmfgoehl

Supported Languages

🇺🇸English

Extension Info & Metadata

Status
Active
Version
0.3
Size
2.79 MB
Rating
5.0/5
Reviews
3
Users
9
Type
Extension
Updated
Oct 17, 2023
Category
Communication
Price
Free
Featured
No
Visibility
Listed
Mature
No
By Google
No
Trusted
Yes
Download CRX
Chrome Web Store
Report Issue

Publisher Contextual Analysis

Trusted
Author
BlocdriveView Profile
Privacy
Privacy Policy
Help
Help Center
Country
IN
MX records exist
Yes
Domain exists
Yes
Is disposable
No
Is role-based
Yes
Mailbox exists
Yes
Address
# 563, "Srichid", II Cross, II Main, RBI East Layout, VII Phase, J P Nagar. Bangalore - 560078, Karnataka, India. Bangalore, Karnataka 560078 IN
Total Extensions
2
Active
1
Obsolete
1
Listed
2
Unlisted
0
Total Users
14
Screenshot 1
Screenshot 2
Screenshot 3
Screenshot 4

Blocdrive Gmail Extension. Privacy Policy: https://blocdrive.com/#/privacy

"Blocdrive for Gmail: Streamline Your Inbox Blocdrive enhances your Gmail experience with powerful productivity tools. Effortlessly manage emails, boost organization, and optimize your workflow. Take control of your inbox today!"

Item
Type
Severity
Description
scripting
Permission
Critical
This permission allows injection and execution of JavaScript on any webpage. Rated Critical because it can modify page content, steal sensitive data, and inject malicious code into any site the extension has access to.
Contextual Risk Factors
Risk Factor
High
The following context increases the overall risk:• 20% increase: Access to sensitive domains increases potential impact
https://mail.google.com/
Host
Medium
Host permission — access limited to this URL pattern.
Access to Sensitive Domains
Risk Factor
Medium
This extension requests access to sensitive domains: https://mail.google.com/

background.js injects pageWorld.js into the MAIN world of Gmail tabs via chrome.scripting.executeScript. This is the standard InboxSDK pattern and is not malicious in itself, but pageWorld.js was not available for review — the file that executes in Gmail's privileged page context is the one most capable of credential theft or data exfiltration, and it cannot be assessed.

background.js (Line 11)
chrome.scripting.executeScript({  target: {    tabId: sender.tab.id  },  world: 'MAIN',  files: ['pageWorld.js'],});

By severity

Critical0
High1
Medium0
Low0

Versions scanned

None of the 1 scanned version has more than one unique code-review finding. Counts are unique findings that include each version.

Extension VersionCode Review Findings
No versions with multiple unique findings.

Files with findings

1 distinct path — top paths by unique finding count:

  • background.js1
S.No.
Category
Severity
File
Summary
Found in Version
1Other
high
background.js (line 11)background.js injects pageWorld.js into the MAIN world of Gmail tabs via chrome.scripting.executeScript. This is the standard InboxSDK pattern and is not malicious in itself, but pageWorld.js was not available for rev…
0.3
URLs
39
IPv4
0
IPv6
0

URLs

View the external URLs this extension communicates with to understand its network activity and data interactions.

Gain full insight into all external connections.

Upgrade for full visibility.

Sign In
github.com/kefirjs/kefir/issues/145https://github.com/kefirjs/kefir/issues/145
github.com/kefirjs/kefir/issues/149https://github.com/kefirjs/kefir/issues/149
github.com/kefirjs/kefir/issues/150https://github.com/kefirjs/kefir/issues/150
fb.me/use-check-prop-typeshttp://fb.me/use-check-prop-types
reactjs.org/docs/error-decoder.htmlhttps://reactjs.org/docs/error-decoder.html?invariant=
www.w3.org/2000/svghttp://www.w3.org/2000/svg
www.w3.org/1998/Math/MathMLhttp://www.w3.org/1998/Math/MathML
www.w3.org/1999/xhtmlhttp://www.w3.org/1999/xhtml
www.w3.org/1999/xlinkhttp://www.w3.org/1999/xlink
www.w3.org/XML/1998/namespacehttp://www.w3.org/XML/1998/namespace
Showing 1 to 10 of 40 rows
Rows per page:

Gain full insight into all external connections.

Upgrade for full visibility.

Sign In
No IP addresses found
Version
Size
Is Malicious
Findings
Permhash
0.3
Latest
2.79 MB
Malicious
1
dab751f45000becc78185bf76ff71cbe3fada6f3d1483ff480f55fd34783925d
Showing 1 to 1 of 10 rows
Rows per page:

Browse and explore files within this extension package

Gain full insight into all external connections.

Upgrade for full visibility.

Sign In