Cookie Check! in Chrome with OffiDocs

DESCRIPTION:

Run the Chrome online web store extension Cookie Check! using OffiDocs Chromium online.

Checks cookies for secure attributes and assigns a risk score based on security metrics.

WHAT IT DOES:

Manifest V3 Structure:
Uses a background service worker, proper permissions (cookies), and host permissions.

Cookie Table Display:
Presents a sortable table with key details:

Cookie Name
Domain
Secure flag
HttpOnly flag
SameSite attribute
Expiration/Session status
Calculated Risk (0–10) with a color-coded visual gauge
A Remove button for each cookie
Risk Calculation:
Computes a risk score based solely on cookie attributes:

Missing Secure flag (+2)
Missing HttpOnly flag (+2)
SameSite setting (“none” or undefined adds more risk, “lax” adds less)
Expiration details (session cookies get a higher risk score)
Cookiepedia Integration:
Provides a clearly visible “View Details” link (styled as a button) next to each cookie name that opens a Cookiepedia page for that cookie.

Sorting Functionality:
Allows users to sort by cookie name, risk, domain, and other attributes by clicking on the table headers.

Cookie Management:
Users can manually remove cookies directly from the popup.

Security Goals Achieved:

Visibility of Cookie Security Posture:
Clearly shows which cookies are at higher risk due to missing security attributes.

Actionable Insights:
Enables users to quickly identify and remove insecure cookies.

User Education:
Integrates external context through Cookiepedia, helping users understand cookie functions.

Organized Analysis:
Sorting and a visual risk gauge help prioritize which cookies might need attention.

WHAT IT DOES NOT DO:

Real-Time Notifications:
No built-in pop-ups or notifications alert users immediately when a high-risk cookie is added or modified.

Inline Cookie Usage Monitoring:
The extension does not track or display how frequently cookies are accessed by pages (e.g., via JavaScript), which could be critical for session hijack prevention.

Dynamic Behavioral Analysis:
It doesn’t integrate history or runtime usage patterns to factor into the risk assessment.

Prevention Mechanisms:
The tool is diagnostic—it doesn’t actively block or prevent insecure cookie usage, only alerts the user for manual intervention.

Inline JavaScript Access Monitoring:
There is no injection or override mechanism to detect when document.cookie is accessed by page scripts.

Cookie Check! web extension integrated with the OffiDocs Chromium online