Is Dark Reader safe to use?

Dark Reader has a risk level of MEDIUM with an overall risk score of 4.7/10. Our scan detected 84 security findings. This extension has some risks worth reviewing.

What permissions does Dark Reader request?

Dark Reader requests the following permissions: alarms, fontSettings, scripting, storage, contextMenus. It also requests host access to: *://*/*, .

What is Dark Reader's risk score?

Dark Reader has an overall risk score of 4.7/10 (MEDIUM). Breakdown: Permissions 7.0/10, Code 6.8/10, Combinations 10.0/10, CSP 5.6/10.

ExtSafe

Dark ReaderSecurity Analysis

Chromev4.9.121MV3March 16, 2026 at 03:44 PM

Use with caution

This extension requests significant permissions. It has 6M+ users, a 4.2 star rating, is published by Dark Reader Ltd, but review the findings below.

4.7MEDIUM

4.7 MEDIUMRaw: 7.3

This extension shows some risk signals that are common in legitimate extensions but worth reviewing. Check the details below.

Based on 7 permissions including high-risk ones, 81 code findings, 1 dangerous combination.

Trust Signals(6.5/10)

Users

6.0M

Rating

4.2(13K reviews)

Developer

Dark Reader Ltd

Status

Featured

Dangerous Combinations(1)

CRITICALAll-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls>+keylogger_pattern

Permissions

7.0/10

Code

6.8/10

Combinations

10.0/10

Manifest/CSP

5.6/10

Permissions(7 analyzed)

Code Findings(9 patterns, 81 total)

Content Security Policy

CSP Present

Manifest Analysis(3 findings)

Resolved from __MSG_* i18n placeholders:

Description: Dark mode for every website. Take care of your eyes, use dark theme for night and daily browsing.

HIGH

content_scriptsAggressive content script injection

Content script runs at document_start in ALL frames on ALL URLs. This gives the extension deep access to every page load, including iframes.

HIGH

content_scriptsAggressive content script injection

Content script runs at document_start in ALL frames on ALL URLs. This gives the extension deep access to every page load, including iframes.

MEDIUM

content_scriptsContent script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

External Domains(7)

${hostnamechromewebstore.google.comdarkreader.orggithub.comgoogle.commicrosoftedge.microsoft.comraw.githubusercontent.com

Indicators of Compromise

9 indicators of compromise found

File Statistics

Total Files

JS Files

2.9 MB

Total Size

Other Scanned Extensions

Image downloader - Imageye