[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

PDF Viewer Pro - View, Edit, Fill, Convert, Sign, and More

Version 4.5.175 View in Chrome Web Store

Last scanned: about 15 hours ago

Extension Details

Rating: 4.7 ★ (7 ratings)

Users: 4,000

Context-Aware Verdict

CRITICAL

Overall Risk

Trust Factors:

The extension has a very small user base of only 4,000 users, which is concerning for a PDF tool claiming comprehensive functionality. While it maintains a 4.7-star rating, this is based on only 7 reviews, making the rating statistically insignificant. The lack of developer information and company details raises transparency concerns. The extension claims extensive PDF capabilities including editing, converting, and signing, which typically require substantial development resources.

Concerns:

The permission set is extremely excessive for a PDF viewer. The combination of tabs, webRequest, webNavigation, and all_urls host permissions creates a powerful surveillance toolkit that can monitor and intercept all web traffic. These permissions far exceed what's necessary for PDF functionality. The webRequest permission is particularly concerning as it allows the extension to modify network requests across all websites. Content scripts running on all protocols (including file://) suggest the extension can access local files. The broad scope of permissions combined with the small user base and lack of developer transparency creates a high-risk profile.

Recommendations:

Do not install this extension. The permission requirements are disproportionate to its stated PDF functionality and pose significant privacy and security risks. If PDF editing capabilities are needed, use established alternatives like Adobe Acrobat Reader, built-in browser PDF viewers, or well-known extensions from verified developers with larger user bases and transparent company information. Consider using dedicated PDF software outside the browser for sensitive document handling.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: webNavigation

This extension has the webNavigation permission. Can track your web navigation. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: webRequest

This extension has the webRequest permission. Can intercept and modify web requests. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Medium-Risk Permission: contextMenus

This extension has the contextMenus permission. Can add items to the context menu.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Security Analysis Details

Required Permissions:

tabs
activeTab
contextMenus
webRequest
webNavigation
storage

Host Permissions:

<all_urls>

Embedded URLs (116 total):

http://www.apache.org/licenses/LICENSE-2.0	http://crbug.com/104058
https://crbug.com/326768	https://github.com/Rob--W/pdfjs-telemetry
https://pdfjs.robwu.nl/logpdfjs	https://clients2.google.com/service/update2/crx
http://crbug.com/273589	http://...pdf
https://crbug.com/784528	http://crbug.com/179767
https://pdf.itoolkit.app/?utm_source=ctxmenu	https://chromewebstore.google.com/detail/cmdooepdomcdmmdjgjohkkeajegcngfb/reviews
https://robwu.nl/pdfjs/issue6174/.	https://github.com/mozilla/pdf.js/issues/11137
https://github.com/mozilla/pdf.js/pull/7635.	https://github.com/mozilla/pdf.js/pull/9479.
https://github.com/mozilla/pdf.js/pull/10502.	http://example.com/file.pdf
https://tc39.es/ecma262/#sec-array.prototype.includes	https://tc39.es/ecma262/#sec-array.prototype.indexof
https://tc39.es/ecma262/#sec-createiterresultobject	https://github.com/zloirock/core-js/issues/1128
https://github.com/zloirock/core-js/issues/1130	https://tc39.es/proposal-iterator-helpers/#sec-getiteratordirect
https://tc39.es/ecma262/#sec-getmethod	https://tc39.es/proposal-set-methods/#sec-getsetrecord
https://github.com/zloirock/core-js/issues/86#issuecomment-115759028	https://tc39.es/ecma262/#sec-hasownproperty
https://github.com/mozilla/rhino/issues/346	https://tc39.es/ecma262/#sec-isarray
https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot	https://tc39.es/ecma262/#sec-iscallable
https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot-aec	https://github.com/tc39/proposal-iterator-helpers
https://tc39.es/ecma262/#sec-%iteratorprototype%-object	https://tc39.es/ecma262/#sec-%iteratorprototype%-@@iterator
https://tc39.es/ecma262/#sec-lengthofarraylike	https://tc39.es/ecma262/#sec-math.trunc
https://tc39.es/ecma262/#sec-newpromisecapability	https://github.com/zloirock/core-js/issues/475
https://github.com/es-shims/es5-shim/issues/150	https://github.com/kitcambridge/es5-shim/commit/4f738ac066346
https://tc39.es/ecma262/#sec-object.create	https://tc39.es/ecma262/#sec-object.defineproperties
https://tc39.es/ecma262/#sec-object.defineproperty	https://tc39.es/ecma262/#sec-object.getownpropertydescriptor
https://tc39.es/ecma262/#sec-object.getownpropertynames	https://tc39.es/ecma262/#sec-object.getprototypeof
https://tc39.es/ecma262/#sec-object.keys	https://tc39.es/ecma262/#sec-object.prototype.propertyisenumerable
https://tc39.es/ecma262/#sec-ordinarytoprimitive	https://tc39.es/ecma262/#sec-requireobjectcoercible
https://github.com/tc39/proposal-set-methods	https://tc39.github.io/proposal-set-methods/#Set.prototype.isDisjointFrom
https://tc39.github.io/proposal-set-methods/#Set.prototype.isSubsetOf	https://tc39.github.io/proposal-set-methods/#Set.prototype.isSupersetOf
https://github.com/tc39/proposal-set-methods/pull/88	https://github.com/zloirock/core-js/blob/v3.37.1/LICENSE
https://github.com/zloirock/core-js	https://tc39.es/ecma262/#sec-tointegerorinfinity
https://tc39.es/ecma262/#sec-tolength	https://tc39.es/ecma262/#sec-toobject
https://tc39.es/ecma262/#sec-toprimitive	https://tc39.es/ecma262/#sec-topropertykey
https://bugs.chromium.org/p/v8/issues/detail?id=3334	https://bugs.chromium.org/p/v8/issues/detail?id=12681
https://tc39.es/ecma262/#sec-array.prototype.push	https://github.com/tc39/proposal-promise-with-resolvers
https://www.json.org/json-en.html	https://tc39.es/ecma262/#sec-json.parse
https://github.com/tc39/proposal-json-parse-with-source	https://bugs.chromium.org/p/v8/issues/detail?id=14222
https://github.com/whatwg/url/pull/734	http://www.w3.org/1999/xhtml
http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul	http://example.com
https://itoolkit.app/api/v1/extension/config	https://github.com/adobe-type-tools/cmap-resources
https://support.mozilla.org/en-US/kb/pdf-alt-text	http://www.w3.org/2000/svg

Page 1 of 2

Raw Manifest

{
  "name": "__MSG_appName__",
  "icons": {
    "32": "icon-32x32.png",
    "48": "icon-48x48.png",
    "96": "icon-96x96.png",
    "128": "icon-128x128.png",
    "256": "icon-256x256.png",
    "300": "icon-300x300.png",
    "512": "icon-512x512.png"
  },
  "action": {
    "default_icon": {
      "32": "icon-32x32.png",
      "48": "icon-48x48.png",
      "96": "icon-96x96.png",
      "128": "icon-128x128.png",
      "256": "icon-256x256.png",
      "300": "icon-300x300.png",
      "512": "icon-512x512.png"
    }
  },
  "storage": {
    "managed_schema": "preferences_schema.json"
  },
  "version": "4.5.175",
  "background": {
    "service_worker": "service_worker.js"
  },
  "options_ui": {
    "page": "options/options.html"
  },
  "short_name": "PDF Viewer Pro",
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "__MSG_appDescription__",
  "permissions": [
    "tabs",
    "activeTab",
    "contextMenus",
    "webRequest",
    "webNavigation",
    "storage"
  ],
  "options_page": "options/options.html",
  "default_locale": "en",
  "content_scripts": [
    {
      "js": [
        "contentscript.js"
      ],
      "css": [
        "contentstyle.css"
      ],
      "run_at": "document_start",
      "matches": [
        "http://*/*",
        "https://*/*",
        "ftp://*/*",
        "file://*/*"
      ],
      "all_frames": true
    }
  ],
  "host_permissions": [
    "<all_urls>"
  ],
  "manifest_version": 3,
  "file_browser_handlers": [
    {
      "id": "open-as-pdf",
      "file_filters": [
        "filesystem:*.pdf"
      ],
      "default_title": "Open with PDF Viewer Pro"
    }
  ],
  "minimum_chrome_version": "88",
  "web_accessible_resources": [
    {
      "matches": [
        "<all_urls>"
      ],
      "resources": [
        "*.pdf",
        "*.PDF"
      ]
    }
  ]
}

by ✦ Astarte

PDF Viewer Pro - View, Edit, Fill, Convert, Sign, and More

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (116 total):

Raw Manifest

Detections

Manifest Findings