Extension Details
Context-Aware Verdict
The extension has a moderate user base of 10,000 users and a solid 4.5-star rating from 61 reviews, which suggests reasonable user satisfaction. The developer pdfsummary.ai appears to be focused on PDF-related tools, which aligns with the extension's stated purpose. However, the relatively small number of reviews compared to the user count may indicate limited user engagement or feedback.
The most significant concern is the extension's extremely broad permissions that far exceed what would be necessary for a PDF interaction tool. The <all_urls> host permissions and content script injection capabilities allow this extension to access and modify content on every website you visit, not just PDF-related sites. This creates potential for data harvesting, credential theft, or unauthorized website modifications. For a tool supposedly focused on PDF analysis, these permissions are excessive and raise red flags about the extension's true capabilities and intentions.
Given the high risk level, consider running this extension in a separate Chrome profile isolated from your main browsing activities. Before installation, carefully evaluate whether you truly need this functionality, as there may be safer alternatives for PDF analysis. If you proceed, monitor the extension's behavior closely and revoke permissions if you notice any suspicious activity. Consider using dedicated PDF analysis tools that don't require browser extensions instead.
Findings
Security Analysis Details
Required Permissions:
- storage
- scripting
Host Permissions:
- <all_urls>
Embedded URLs (14 total):
| https://f417518d07413ad1c350d74c5f635d1f@o4506502203441152.ingest.sentry.io/4506649191907328 | http://www.w3.org/2000/svg | |
| https://api2.amplitude.com/2/httpapi | https://api.eu.amplitude.com/2/httpapi | |
| https://api2.amplitude.com/batch | https://api.eu.amplitude.com/batch | |
| https://www.docs.developers.amplitude.com/data/sdks/browser-2/#tracking-default-events | http://www.apache.org/licenses/LICENSE-2.0 | |
| http://www.example.com | https://pdfsummary.ai | |
| https://api.pdfsummary.ai | https://clients2.google.com/service/update2/crx | |
| https://pdfsummary.ai/ | https://staging.pdfsummary.ai/ |
Raw Manifest
{ "name": "__MSG_appName__", "icons": { "16": "src/icons/16.png", "32": "src/icons/32.png", "48": "src/icons/48.png", "128": "src/icons/128.png" }, "action": { "default_icon": { "16": "src/icons/16.png", "24": "src/icons/24.png", "32": "src/icons/32.png" }, "default_popup": "src/action/index.html", "default_title": "__MSG_appName__" }, "version": "1.4.1", "commands": { "toggle-widget": { "description": "__MSG_commands_toggle_widget__", "suggested_key": { "default": "Alt+M" } } }, "background": { "type": "module", "service_worker": "service-worker-loader.js" }, "options_ui": { "page": "src/options/index.html", "open_in_tab": true }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_appDesc__", "permissions": [ "storage", "scripting" ], "default_locale": "en", "content_scripts": [ { "js": [ "assets/main.ts-loader-Qc8s5QYB.js" ], "run_at": "document_end", "matches": [ "<all_urls>" ] } ], "host_permissions": [ "<all_urls>" ], "manifest_version": 3, "externally_connectable": { "matches": [ "https://pdfsummary.ai/*", "https://staging.pdfsummary.ai/*" ] }, "minimum_chrome_version": "93", "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "src/assets/*", "assets/InterVariable-lovs5kQ3.woff2", "assets/pdf-summary-logo-G6iUCjvE.png", "assets/vendor-S3N9t8RP.js", "assets/fetch-xhr-YPil_cUy.js", "assets/api-9wCeKcLE.js", "assets/store-WCFL9SGh.js", "assets/Button-iM3-HG2A.js", "assets/main.ts-hdJjHZsp.js" ], "use_dynamic_url": true } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.