Is VidHelper - Video Download Helper safe to use?

VidHelper - Video Download Helper has a risk level of HIGH with an overall risk score of 6.4/10. Our scan detected 102 security findings. This extension has significant security concerns — review the full report before installing.

What permissions does VidHelper - Video Download Helper request?

VidHelper - Video Download Helper requests the following permissions: tabs, webRequest, scripting, storage, unlimitedStorage, downloads, declarativeNetRequest, contextMenus, notifications, tabCapture. It also requests host access to: .

What is VidHelper - Video Download Helper's risk score?

VidHelper - Video Download Helper has an overall risk score of 6.4/10 (HIGH). Breakdown: Permissions 9.5/10, Code 6.5/10, Combinations 10.0/10, CSP 5.8/10.

ExtSafe

VidHelper - Video Download HelperSecurity Analysis

Chromev2.3.20MV3February 18, 2026 at 12:09 PM

Potentially unsafe

This extension shows concerning patterns that may indicate risky behavior. Proceed with caution.

Known Security Incidents(1)

Critical2024-12Resolved

Compromised in Cyberhaven supply chain attack

Extension was among 35+ extensions compromised in the December 2024 supply chain attack campaign that injected data-stealing code.

6.4HIGH

6.4 HIGHRaw: 8.0

This extension shows significant risk signals. Review the findings below carefully before installing or continuing to use it.

Based on 11 permissions including high-risk ones, 95 code findings, 3 dangerous combinations.

Trust Signals(4.0/10)

Users

50K

Rating

4.5(98 reviews)

Status

Featured

Dangerous Combinations(3)

MEDIUMTab tracking API + external communication

Extension uses tab tracking APIs (onUpdated/query) and communicates with external servers — potential browsing surveillance.

tabs+tabs API usage + external network

CRITICALNetwork interception + external communication

Extension intercepts network traffic and sends data externally — potential man-in-the-middle behavior.

webRequest/webRequestBlocking+external network request

CRITICALAll-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls>+keylogger_pattern

Permissions

9.5/10

Code

6.5/10

Combinations

10.0/10

Manifest/CSP

5.8/10

Permissions(11 analyzed)

Code Findings(24 patterns, 95 total)

Libraries(3 detected)

3 libraries detected

Content Security Policy

CSP Present(1 issue)

LOW

object-srcobject-src not restricted

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Manifest Analysis(3 findings)

Resolved from __MSG_* i18n placeholders:

Name: VidHelper - Video Download Helper

Description: Download any video or audio from any website with just one click.

HIGH

web_accessible_resourcesJS files exposed to web pages

JavaScript files are accessible to ALL websites. Any page can load and interact with these scripts, enabling web→extension attacks.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

HIGH

content_scriptsAggressive content script injection

Content script runs at document_start in ALL frames on ALL URLs. This gives the extension deep access to every page load, including iframes.

External Domains(30)

a.comaomedia.orgapp.vidhelper.appbit.lydashif.orgdeveloper.apple.comdocs.google.comemscripten.orgexample.comgithub.compopper.js.orgraw.githubusercontent.comschema.orgsmarturl.itvideojs.comvidhelper.appwww.apache.orgwww.brightcove.comwww.dailymotion.comwww.example.comwww.facebook.comwww.instagram.comwww.jsdelivr.comwww.pinterest.comwww.smpte-ra.orgwww.tiktok.comwww.twitch.tvwww.twitter.comwww.vimeo.comwww.youtube.com