Toggl 2.0

Toggl 2.0

ID: djchhhhpmaigfigeklaoekfgjdpmegdj

Supported Languages

🇺🇸English

Extension Info & Metadata

Status
Active
Version
0.21.0
Size
3.90 MB
Rating
3.0/5
Reviews
2
Users
2,000
Type
Extension
Updated
Jul 8, 2026
Category
Workflow & planning
Price
Free
Featured
No
Visibility
Listed
Mature
No
By Google
No
Trusted
No

Publisher Contextual Analysis

Author
TogglView Profile
Country
EE
MX records exist
Yes
Domain exists
Yes
Is disposable
No
Is role-based
Yes
Mailbox exists
Yes
Address
Tornimäe 5 Tallinn, Harjumaa 10145 EE
Website
Visit
Total Extensions
2
Active
1
Obsolete
1
Listed
2
Unlisted
0
Total Users
2,137
Screenshot 1
Screenshot 2
Screenshot 3

Drop busy. Plan, track, focus.

Overview Track time effortlessly without leaving your browser. The Toggl extension brings accurate, real-time time tracking into the websites you already use — so you can stay focused, keep better habits, and power smarter planning across your day. Whether you work in Asana, Trello, Google Suite, or other supported tools, you can start a timer directly from the page or task you’re on. Your time logs sync instantly with Toggl, helping you stay organized and understand where your time really goes. What you can do with the Toggl Extension Start and stop timers anywhere — no need to open a separate tab. Auto-capture task names from supported tools to keep time logs clean and accurate. See your daily and weekly totals at a glance to stay on track. Use real data to power smarter planning in Toggl’s web and mobile app. How to get started 1. Click Add to Chrome 2. Log in to Toggl from the extension 3. Enable permissions for the tools you use 4. Look for the Toggl button to appear in your favorite tools 5. Start a timer — your task name and time will sync automatically About Toggl Toggl helps individuals and teams improve their productivity with simple, accurate time tracking that powers better planning. Your data syncs across web and mobile — giving you a clear picture of your day and the confidence to plan ahead. Need help? Visit our support page or reach us at [email protected].

Item
Type
Severity
Description
scripting
Permission
Critical
This permission allows injection and execution of JavaScript on any webpage. Rated Critical because it can modify page content, steal sensitive data, and inject malicious code into any site the extension has access to.
*://*/*
Host
Critical
Broad host access — the extension can read/modify content on every website.
cookies
Permission
High
This permission provides full access to read and modify browser cookies. Rated High because it can steal session tokens, modify authentication cookies, and compromise accounts across websites.
Broad Host Permissions
Risk Factor
High
This extension has broad host permissions allowing it to access many or all websites.
Broad Content Script Access
Risk Factor
High
This extension can inject scripts into any website.
storage
Permission
Medium
This permission allows storing data locally in the browser. Rated Medium because it can persist sensitive user data, track user activities over time, and potentially store malicious payloads.
activeTab
Permission
Medium
This permission grants temporary access to the current tab. Rated Medium because it can access current page content when invoked, though limited to user-initiated actions.
alarms
Permission
Low
This permission schedules periodic tasks. Rated Low because it can only trigger events at specified times without access to sensitive data.
idle
Permission
Low
This permission detects system idle state. Rated Low because it only observes user activity state without access to activity details.
contextMenus
Permission
Low
This permission adds items to browser context menus. Rated Medium because it only modifies right-click menus without access to page content.
sidePanel
Permission
Low
This permission adds custom panels to the browser interface. Rated Low because it only affects browser UI elements and cannot access page content.
favicon
Permission
Low
This permission accesses website favicon images. Rated Low because it only retrieves publicly visible website icons.

The bundled manifest declares host_permissions ['*://*/*'] and five additional permissions (idle, contextMenus, activeTab, sidePanel, favicon) absent from the published CWS listing, which shows only ['*://*.toggl.com/*', '*://*.toggl.space/*'] for host_permissions and four base permissions. This divergence means the installed extension has programmatic access (chrome.cookies, scripting.executeScript, fetch-with-credentials) to every website, while the CWS disclosure implies only Toggl-owned domains. Broad access is functionally justified by the time-tracking-on-any-site feature, but the mismatch between declared and published permissions should be verified with the developer.

manifest.json (Line 14)
{  "permissions": [    "scripting",    "storage",    "cookies",    "alarms",    "idle",    "contextMenus",    "activeTab",    "sidePanel",    "favicon"  ],  "host_permissions": [    "*://*/*"  ],  "content_scripts": [    {      "matches": [        "*://*.toggl.com/*",        "*://*.toggl.space/*"      ],      "js": [        "content-scripts/auth.js"      ]    },    {      "matches": [        "*://*/*"      ],      "js": [        "content-scripts/banner.js",        "content-scripts/integration-bridge.js"      ]    }  ]}

By severity

Critical0
High1
Medium0
Low0

Versions scanned

None of the 12 scanned versions have more than one unique code-review finding. Counts are unique findings that include each version.

Extension VersionCode Review Findings
No versions with multiple unique findings.

Files with findings

1 distinct path — top paths by unique finding count:

  • manifest.json1
S.No.
Category
Severity
File
Summary
Found in Version
1Other
high
manifest.json (line 14)The bundled manifest declares host_permissions ['*://*/*'] and five additional permissions (idle, contextMenus, activeTab, sidePanel, favicon) absent from the published CWS listing, which shows only ['*://*.toggl.com/…
URLs
61
IPv4
25
IPv6
0

URLs

View the external URLs this extension communicates with to understand its network activity and data interactions.

Gain full insight into all external connections.

Upgrade for full visibility.

github.com/wxt-dev/wxt/issues/371https://github.com/wxt-dev/wxt/issues/371
wxt.dev/guide/go-further/testing.htmlhttps://wxt.dev/guide/go-further/testing.html
github.com/jonschlinkert/isobjecthttps://github.com/jonschlinkert/isobject
github.com/jonschlinkert/get-valuehttps://github.com/jonschlinkert/get-value
tinyurl.com/y2uuvskbhttps://tinyurl.com/y2uuvskb
bit.ly/2kdckMnhttp://bit.ly/2kdckMn
focus.toggl.com-https://focus.toggl.com
accounts.toggl.com-https://accounts.toggl.com
empty.invalid-https://empty.invalid
github.com/sindresorhus/kyhttps://github.com/sindresorhus/ky#baseurl
Showing 1 to 10 of 70 rows
Rows per page:

Gain full insight into all external connections.

Upgrade for full visibility.

127.0.0.1
IPv4
-
0.0.0.0
IPv4
-
163.163.212.46
IPv4
-
152.139.29.242
IPv4
-
26.144.39.217
IPv4
-
1.207.16.71
IPv4
-
22.87.22.35
IPv4
-
169.203.8.8
IPv4
-
225.158.9.9
IPv4
-
1.218.69.33
IPv4
-
124.1.202.25
IPv4
-
208.154.23.185
IPv4
-
3.1.5.3
IPv4
-
2.2.47.3
IPv4
-
1.252.94.94
IPv4
-
4.79.5.5
IPv4
-
223.51.93.93
IPv4
-
13.134.145.16
IPv4
-
2.123.32.32
IPv4
-
171.138.31.31
IPv4
-
2.122.35.35
IPv4
-
1.2.5.5
IPv4
-
1.203.5.5
IPv4
-
28.253.83.83
IPv4
-
171.139.31.31
IPv4
-
Showing 1 to 25 of 30 rows
Rows per page:
Showing 1 to 10 of 20 rows
Rows per page:

Code Diff

Compare extension code between any two versions.

0 changed files (scanned top 25 shared text files)

No comparable text files found between these versions.

Browse and explore files within this extension package

Gain full insight into all external connections.

Upgrade for full visibility.