Is Language Reactor safe to use?

Language Reactor has a risk level of CRITICAL with an overall risk score of 8.9/10. Our scan detected 166 security findings. This extension has significant security concerns — review the full report before installing.

What permissions does Language Reactor request?

Language Reactor requests the following permissions: storage, contextMenus, activeTab, scripting. It also requests host access to: https://i.ytimg.com/*, https://*.netflix.com/*, *://*.youtube.com/*, *://*.amazon.com.br/*, *://*.amazon.ca/*, *://*.amazon.com.mx/*, *://*.amazon.com/*, *://*.amazon.cn/*, *://*.amazon.in/*, *://*.amazon.co.jp/*, *://*.amazon.sg/*, *://*.amazon.ae/*, *://*.amazon.sa/*, *://*.amazon.fr/*, *://*.amazon.de/*, *://*.amazon.it/*, *://*.amazon.nl/*, *://*.amazon.pl/*, *://*.amazon.es/*, *://*.amazon.se/*, *://*.amazon.com.tr/*, *://*.amazon.co.uk/*, *://*.amazon.com.au/*, https://*.languagereactor.com/*.

What is Language Reactor's risk score?

Language Reactor has an overall risk score of 8.9/10 (CRITICAL). Breakdown: Permissions 10.0/10, Code 10.0/10, Combinations 0.0/10, CSP 8.6/10.

ExtSafe

Language ReactorSecurity Analysis

Chromev5.1.6MV3February 16, 2026 at 03:41 PM

8.9CRITICAL

8.9 CRITICAL

This extension shows critical risk indicators. It requests highly sensitive permissions combined with suspicious code patterns. Proceed with extreme caution.

Based on 28 permissions including high-risk ones, 141 code findings.

Permissions

10.0/10

Code

10.0/10

Combinations

0.0/10

Manifest/CSP

8.6/10

Permissions(28 analyzed)

Code Findings(20 patterns, 141 total)

Libraries(5 detected)

5 libraries detected

Content Security Policy

CSP Present(1 issue)

LOW

object-srcobject-src not restricted

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Manifest Analysis(5 findings)

Resolved from __MSG_* i18n placeholders:

Description: Learn languages effectively by watching films and series in your target language.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

HIGH

web_accessible_resourcesJS files exposed to web pages

JavaScript files are accessible to ALL websites. Any page can load and interact with these scripts, enabling web→extension attacks.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

HIGH

web_accessible_resourcesJS files exposed to web pages

JavaScript files are accessible to ALL websites. Any page can load and interact with these scripts, enabling web→extension attacks.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

External Domains(24)

${this.region10.66.66.10api-cdn-plus.dioco.ioapi-cdn.dioco.ioapi.dioco.iofeross.orgfirebase.google.comforum.languagelearningwithnetflix.comgithub.comjquery.comjquery.orgjs.foundationlocalhostmui.comreactjs.orgsizzlejs.comtatoeba.orgtwitter.comwww.${www.apache.orgwww.example.comwww.languagereactor.comwww.netflix.comwww.youtube.com