Is Video Downloader HD safe to use?

Video Downloader HD has a risk level of HIGH with an overall risk score of 6.5/10. Our scan detected 30 security findings. This extension has significant security concerns — review the full report before installing.

What permissions does Video Downloader HD request?

Video Downloader HD requests the following permissions: storage, sidePanel, downloads, unlimitedStorage, webRequest. It also requests host access to: .

What is Video Downloader HD's risk score?

Video Downloader HD has an overall risk score of 6.5/10 (HIGH). Breakdown: Permissions 7.5/10, Code 8.6/10, Combinations 10.0/10, CSP 5.3/10.

ExtSafe

Video Downloader HDSecurity Analysis

Chromev1.2.3MV3February 18, 2026 at 11:41 AM

Potentially unsafe

This extension shows concerning patterns that may indicate risky behavior. Proceed with caution.

6.5HIGH

6.5 HIGHRaw: 8.1

This extension shows significant risk signals. Review the findings below carefully before installing or continuing to use it.

Based on 6 permissions including high-risk ones, 27 code findings, 1 dangerous combination.

Trust Signals(4.0/10)

Users

70K

Rating

4.5(523 reviews)

Status

Featured

Dangerous Combinations(1)

CRITICALNetwork interception + external communication

Extension intercepts network traffic and sends data externally — potential man-in-the-middle behavior.

webRequest/webRequestBlocking+external network request

Permissions

7.5/10

Code

8.6/10

Combinations

10.0/10

Manifest/CSP

5.3/10

Permissions(6 analyzed)

Code Findings(18 patterns, 27 total)

Libraries(3 detected)

3 libraries detected, 2 with known vulnerabilities

Content Security Policy

CSP Present(1 issue)

LOW

object-srcobject-src not restricted

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Manifest Analysis(3 findings)

Resolved from __MSG_* i18n placeholders:

Description: Video Downloader simplifies downloading video from the internet. All formats supported. Completely Free!

HIGH

web_accessible_resourcesJS files exposed to web pages

JavaScript files are accessible to ALL websites. Any page can load and interact with these scripts, enabling web→extension attacks.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

MEDIUM

content_scriptsContent script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

External Domains(12)

api.vimeo.comapi.x.comapi16-normal-c-useast1a.tiktokv.comjedwatson.github.iolodash.comnpms.ioopenjsf.orgreactjs.orgunderscorejs.orgwww.dailymotion.comwww.facebook.comwww.instagram.com