ExtSafe

Smallpdf—Edit, Convert, Compress, & AI Summarize PDFSecurity Analysis

Chromev0.23.17MV3February 16, 2026 at 03:29 PM
8.4CRITICAL
8.4 CRITICAL

This extension shows critical risk indicators. It requests highly sensitive permissions combined with suspicious code patterns. Proceed with extreme caution.

Based on 7 permissions including high-risk ones, 80 code findings.

Permissions
10.0/10
Code
10.0/10
Combinations
0.0/10
Manifest/CSP
3.9/10

Permissions(7 analyzed)

Code Findings(14 patterns, 80 total)

Content Security Policy

CSP Present(1 issue)
LOW
object-srcobject-src not restricted

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Manifest Analysis(2 findings)

Resolved from __MSG_* i18n placeholders:

Name: Smallpdf—Edit, Convert, Compress, & AI Summarize PDF

Description: Easy-to-use PDF tools to compress, convert, merge, chat to, split, e-sign, and edit PDF files in your browser.

MEDIUM
web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

LOW
externally_connectableExternal messaging enabled

Extension accepts messages from 4 external pattern(s). Verify these are trusted origins.

External Domains(14)

${this.host${window.location.hostchatpdf.smallpdf.comfiles.smallpdf.comfilestorage.smallpdf.comgit.iogithub.compluto.smallpdf.compro.smallpdf.comreactjs.orgsign.comsmallpdf.comtask.smallpdf.comworkspace.google.com

Indicators of Compromise

10 indicators of compromise found

File Statistics

72
Total Files
9
JS Files
3.7 MB
Total Size

Other Scanned Extensions

Urban VPN Proxy
8.2 CRITICAL
BrowserGPT: ChatGPT Anywhere Powered by GPT 4
8.2 CRITICAL
MyJDownloader Browser Extension
8.4 CRITICAL
__MSG_appName__
8.0 CRITICAL
HARPA AI: Web Automation with ChatGPT, Claude, Gemini, Grok
9.8 CRITICAL
Phantom
9.6 CRITICAL