ExtSafe

Video Downloader ProfessionalSecurity Analysis

Chromev2.1.6MV3February 16, 2026 at 03:15 PM
9.2CRITICAL
9.2 CRITICAL

This extension shows critical risk indicators. It requests highly sensitive permissions combined with suspicious code patterns. Proceed with extreme caution.

Based on 7 permissions including high-risk ones, 22 code findings, 2 dangerous combinations.

Dangerous Combinations(2)

HIGHTab tracking + external communication

Extension tracks open tabs and communicates with external servers — potential browsing surveillance.

tabs+external network request
CRITICALNetwork interception + external communication

Extension intercepts network traffic and sends data externally — potential man-in-the-middle behavior.

webRequest/webRequestBlocking+external network request
Permissions
10.0/10
Code
9.9/10
Combinations
10.0/10
Manifest/CSP
2.6/10

Permissions(7 analyzed)

Code Findings(7 patterns, 22 total)

Content Security Policy

No CSP Defined(1 issue)
MEDIUM
N/ANo CSP defined

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Manifest Analysis(0 findings)

Resolved from __MSG_* i18n placeholders:

Description: Download videos from web sites or just collect them in your video list without downloading them.

No manifest-level concerns found.

External Domains(13)

chromewebstore.google.complayer.vimeo.comvideodownloaderultimate.comvimeo.comwww.collegehumor.comwww.dailymotion.comwww.funnyordie.comwww.mozilla.orgwww.speakerdeck.comwww.streamable.comwww.ted.comwww.videodownloaderultimate.comyoutube.com

Indicators of Compromise

5 indicators of compromise found

File Statistics

78
Total Files
9
JS Files
391.5 KB
Total Size

Other Scanned Extensions

Urban VPN Proxy
8.2 CRITICAL
BrowserGPT: ChatGPT Anywhere Powered by GPT 4
8.2 CRITICAL
MyJDownloader Browser Extension
8.4 CRITICAL
__MSG_appName__
8.0 CRITICAL
HARPA AI: Web Automation with ChatGPT, Claude, Gemini, Grok
9.8 CRITICAL
Phantom
9.6 CRITICAL