Adobe Acrobat: PDF edit, convert, sign toolsSecurity Analysis

Extension intercepts network traffic and sends data externally — potential man-in-the-middle behavior.

Extension communicates with native apps and executes dynamic code — potential sandbox escape vector.

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

Manages other extensions, could disable security tools or install malware.

Creates functions from strings, similar to eval(), often used to hide malicious code.

Accesses browser cookies programmatically, could be used to steal session tokens.

Injects and executes scripts in web pages programmatically.

Dynamically sets a script's src attribute to load external code at runtime.

Listens for keyboard events, a common technique used by keyloggers.

Dynamically creates script elements, potentially loading external malicious code.

JavaScript files are accessible to ALL websites. Any page can load and interact with these scripts, enabling web→extension attacks.

Extension has cookie access and sends data to external servers — potential session token theft.

Extension reads browsing history and sends data externally — potential history exfiltration.

Sends messages via Chrome runtime, could communicate with external services.

Decodes base64 data, commonly used to hide malicious payloads.

Makes HTTP requests to external servers, may be used for data exfiltration.

Dynamically creates iframe elements, which can be used to load external content or hide malicious UI.

Modifies window.location to redirect the user, potentially to phishing or malicious pages.

Uses XMLHttpRequest to make network calls.

Fetches external URL: https://acrobat.adobe.com/dc-chrome-extension/index.html

Line exceeds 5000 characters (entropy: 5.218642918935783)

XSS via HTML passed to DOM manipulation methods

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

JavaScript files are exposed as web-accessible resources. Matched websites can load and interact with extension scripts.

Content script matches <all_urls>, executing on every website the user visits.

Extension uses tab tracking APIs (onUpdated/query) and communicates with external servers — potential browsing surveillance.

Sets innerHTML directly, which can lead to XSS if used with untrusted data.

Reads or writes to localStorage, which may contain sensitive site data.

Encodes data to base64, may be used for data exfiltration.

Creates a Web Worker, which runs code in a separate thread — can be used for background computation or crypto mining.

String with entropy 5.77 bits — may be encoded/encrypted data

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Extension accepts messages from 3 external pattern(s). Verify these are trusted origins.

libs/jquery-3.1.1.min.js

libs/jquery-3.1.1.js