Is Equatio - Math made digital safe to use?

Equatio - Math made digital has a risk level of CRITICAL with an overall risk score of 9.8/10. Our scan detected 442 security findings. This extension has significant security concerns — review the full report before installing.

What permissions does Equatio - Math made digital request?

Equatio - Math made digital requests the following permissions: activeTab, tabs, alarms, storage, identity, identity.email, gcm, scripting. It also requests host access to: , https://docs.google.com/*, https://*.sharepoint.com/*, https://onedrive.live.com/*, https://*.officeapps.live.com/*, https://word.cloud.microsoft/*, https://powerpoint.cloud.microsoft/*, https://excel.cloud.microsoft/*, https://onenote.cloud.microsoft/*, https://docs.google.com/forms/*, https://docs.google.com/*/forms/*, https://docs.google.com/*picker*, https://pdf.dev.texthelp.com/*, https://orbit.texthelp.com/*, https://orbitnote-us.staging.texthelp.com/*, https://orbitnote.staging.texthelp.com/*, https://orbitnote-stg.dev.texthelp.com/*, https://orbit-kit-client-dev-mc.texthelp.dev/*, https://orbitnote.dev.texthelp.com/*, https://orbitbeta.texthelp.com/*, https://orbit-sandbox.texthelp.dev/*, https://*.coursera.org/*, https://*.dev-coursera.org/*, https://equatio.texthelp.com/*, https://equatio.dev.texthelp.com/*.

What is Equatio - Math made digital's risk score?

Equatio - Math made digital has an overall risk score of 9.8/10 (CRITICAL). Breakdown: Permissions 10.0/10, Code 10.0/10, Combinations 10.0/10, CSP 8.0/10.

ExtSafe

Equatio - Math made digitalSecurity Analysis

Chromev67.0.1MV3February 16, 2026 at 03:08 PM

9.8CRITICAL

9.8 CRITICAL

This extension shows critical risk indicators. It requests highly sensitive permissions combined with suspicious code patterns. Proceed with extreme caution.

Based on 33 permissions including high-risk ones, 413 code findings, 2 dangerous combinations.

Dangerous Combinations(2)

HIGHTab tracking + external communication

Extension tracks open tabs and communicates with external servers — potential browsing surveillance.

tabs+external network request

CRITICALAll-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls>+keylogger_pattern

Permissions

10.0/10

Code

10.0/10

Combinations

10.0/10

Manifest/CSP

8.0/10

Permissions(33 analyzed)

Code Findings(33 patterns, 413 total)

Libraries(13 detected)

13 libraries detected, 1 with known vulnerabilities

Content Security Policy

CSP Present(1 issue)

LOW

object-srcobject-src not restricted

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Manifest Analysis(5 findings)

Resolved from __MSG_* i18n placeholders:

Name: Equatio - Math made digital

Description: Easily create mathematical equations, formulas and quizzes. Intuitively type or handwrite, with no tricky math code to learn.

MEDIUM

web_accessible_resourcesJS files exposed to web pages

JavaScript files are exposed as web-accessible resources. Matched websites can load and interact with extension scripts.

HIGH

web_accessible_resourcesJS files exposed to web pages

JavaScript files are accessible to ALL websites. Any page can load and interact with these scripts, enabling web→extension attacks.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

LOW

externally_connectableExternal messaging enabled

Extension accepts messages from 1 external pattern(s). Verify these are trusted origins.

MEDIUM

content_scriptsContent script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

External Domains(70)

${o${r${s${tclipboardjs.comconsole.firebase.google.comdocbook.orgdocs.google.comdocs.googleapis.comequatio-academy.prismic.ioequatio-api.dev.texthelp.comequatio-api.texthelp.comequatio-assets.texthelp.comequatio-desmos-proxy.texthelp.comequatio-for-desktop.firebaseio.comequatio-live-eu-firebase-default-rtdb.europe-west1.firebasedatabase.appequatio-services-eu.texthelp.comequatio-services.texthelp.comequatio.s3.amazonaws.comequatio.texthelp.comequatiospeech-eu.speechstream.netequatiospeech.speechstream.netfb.mefeross.orgfiles.rcsb.orgfirebase.google.comformatjs.ioforms.googleapis.comgithub.comist.texthelp.comjedwatson.github.iojquery.comjquery.orgjs.foundationlicensing.texthelp.comlocalhostmathsolver.texthelp.commathworld.wolfram.commessaging.texthelp.commmtf.rcsb.orgmomentjs.commrl.nyu.eduoauth2.googleapis.comopen-ai-proxy.texthelp.compay.texthelp.compubchem.ncbi.nlm.nih.govreactjs.orgredux.js.orgs3.amazonaws.comsaxon.sf.netsaxonica.comsecuretoken.google.comsheets.googleapis.comsizzlejs.comslides.googleapis.comsodipodi.sourceforge.netssl.gstatic.comstackoverflow.comsupport.google.comtext.helpth-messaging.dev.texthelp.comwww.apache.orgwww.eslinstructor.netwww.gnu.orgwww.google-analytics.comwww.googleapis.comwww.inkscape.orgwww.opensource.orgwww.saxonica.comwww.texthelp.com