CRX aminer
Extension icon

ViiTor Translate - AI Translation & Real-Time Bilingual Subtitles & Free

Version 1.35 View in Chrome Web Store

Last scanned: about 10 hours ago

Extension Details

Developer: https://www.viitor.info/
Rating: 4.0 ★ (262 ratings)
Users: 80,000

Context-Aware Verdict

CRITICAL
Overall Risk
Trust Factors:

The extension has a moderate user base of 80,000 users and a decent 4.0-star rating from 262 reviews, suggesting some level of user satisfaction. However, the developer website (viitor.info) provides limited transparency about the company behind the extension. The translation and subtitle functionality appears legitimate for the stated purpose.

Concerns:

The extension's permission set is extremely broad and concerning for a translation tool. The tabCapture permission allows recording of tab content, which combined with <all_urls> access creates significant privacy risks. The cookies permission enables access to authentication tokens and session data across all websites. The tabs permission allows monitoring and manipulation of all browser tabs. Most critically, the broad content script injection capability means this extension can execute code on every website you visit, potentially capturing passwords, personal information, or financial data. These permissions far exceed what's necessary for basic translation functionality.

Recommendations:

Given the critical risk level, avoid installing this extension on your primary browser profile. If you must use it, create a dedicated Chrome profile specifically for translation tasks and avoid accessing sensitive websites (banking, email, social media) while the extension is active. Consider alternative translation tools with more limited permissions, such as Google Translate's official extension or built-in browser translation features. Monitor your accounts for unusual activity if you've already used this extension.

Findings

HIGH
Broad Content Script Injection
This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.
HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
HIGH
High-Risk Permission: cookies
This extension has the cookies permission. Can access and modify browser cookies. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: tabs
This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.
MEDIUM
Medium-Risk Permission: activeTab
This extension has the activeTab permission. Can access the active tab when clicking the extension icon.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.