Dark Reader

Name: Security Analysis: Dark Reader
Item: Dark Reader
Rating: 5
Author: ChromeBoard

🔍 Security Report Available

👥 6M+ users

📦 v4.9.121

💾 801KiB

📅 2026-02-12

View on Chrome Web Store

Chrome will indicate if you already have this installed.

Overview

This eye-care extension enables night mode by creating dark themes for websites on the fly. Dark Reader inverts bright colors to make web pages high contrast and easier to read.

Adjust brightness, contrast, the sepia filter, font preferences. Enable dark mode on every web page or give websites a sepia tone. Enable or disable Dark Reader for specific websites, automatically sync with system dark mode, or detect already dark websites and leave them unchanged.

This is the original Dark Reader extension. Since 2014, we continuously evolve alongside modern web technologies to deliver fast and reliable dark mode support for people sensitive to bright light.

By installing the extension you agree to these terms of use https://darkreader.org/terms/

Please disable similar extensions to avoid conflicts. Enjoy browsing!

Privacy Practices

✓ Not being sold to third parties, outside of the approved use cases

✓ Not being used or transferred for purposes that are unrelated to the item's core functionality

✓ Not being used or transferred to determine creditworthiness or for lending purposes

v4.9.121 Info Scanned Mar 4, 2026

Security Analysis — Dark Reader

Analyzed v4.9.121 · Mar 4, 2026 · 9 JS files · 1306 KB scanned

Permissions

Code Patterns Detected

External Connections

darkreader.org www.w3.org github.com microsoftedge.microsoft.com raw.githubusercontent.com google.com fonts.googleapis.com

Package Contents 89 files · 2.9MB

▾📁_locales337KB

▾📁ar9KB

{}messages.json9KB

▾📁be9KB

{}messages.json9KB

▾📁bg9KB

{}messages.json9KB

▾📁bn11KB

{}messages.json11KB

▾📁cs7KB

{}messages.json7KB

▾📁da_DK7KB

{}messages.json7KB

▾📁de7KB

{}messages.json7KB

▾📁el10KB

{}messages.json10KB

▾📁en7KB

{}messages.json7KB

▾📁en_GB7KB

{}messages.json7KB

▾📁en_US7KB

{}messages.json7KB

▾📁es7KB

{}messages.json7KB

▾📁es_4197KB

{}messages.json7KB

▾📁fa9KB

{}messages.json9KB

▾📁fa_IR9KB

{}messages.json9KB

▾📁fil7KB

{}messages.json7KB

▾📁fr7KB

{}messages.json7KB

▾📁he8KB

{}messages.json8KB

▾📁hi11KB

{}messages.json11KB

▾📁id7KB

{}messages.json7KB

▾📁it7KB

{}messages.json7KB

▾📁ja8KB

{}messages.json8KB

▾📁ko7KB

{}messages.json7KB

▾📁ms7KB

{}messages.json7KB

▾📁nl7KB

{}messages.json7KB

▾📁no7KB

{}messages.json7KB

▾📁pl7KB

{}messages.json7KB

▾📁pt_BR7KB

{}messages.json7KB

▾📁pt_PT7KB

{}messages.json7KB

▾📁ro7KB

{}messages.json7KB

▾📁ru9KB

{}messages.json9KB

▾📁si11KB

{}messages.json11KB

▾📁sk7KB

{}messages.json7KB

▾📁sr9KB

{}messages.json9KB

▾📁sv7KB

{}messages.json7KB

▾📁te12KB

{}messages.json12KB

▾📁th11KB

{}messages.json11KB

▾📁tr7KB

{}messages.json7KB

▾📁uk9KB

{}messages.json9KB

▾📁vi8KB

{}messages.json8KB

▾📁zh_CN7KB

{}messages.json7KB

▾📁zh_TW7KB

{}messages.json7KB

▾📁_metadata12KB

{}verified_contents.json12KB

▾📁background259KB

📜index.js259KBlarge

▾📁config778KB

📄color-schemes.drconf2KB

📄dark-sites.config20KB

📄detector-hints.config10KB

📄dynamic-theme-fixes.config700KB

📄inversion-fixes.config44KB

📄static-themes.config3KB

▾📁icons15KB

🖼dr_128.png8KB

🖼dr_16.png608B

🖼dr_48.png2KB

🖼dr_active_19.png615B

🖼dr_active_38.png1KB

🖼dr_active_light_19.png686B

🖼dr_active_light_38.png2KB

▾📁inject363KB

📜color-scheme-watcher.js10KB

📜fallback.js2KB

📜index.js327KBlarge

📜proxy.js23KB

▾📁ui1.2MB

▾📁assets375KB

▾📁fonts304KB

📄LICENSE.txt11KB

🔤OpenSans-Light.ttf99KB

🔤OpenSans-Regular.ttf95KB

🔤OpenSans-SemiBold.ttf98KB

▾📁images71KB

🖼birthday-icon.svg7KB

🖼darkreader-icon-256x256.png16KB

🖼darkreader-thumb-up.svg14KB

🖼darkreader-type.svg3KB

🖼icon-android-dark.svg728B

🖼icon-apple-white.svg1KB

🖼mobile-icon-40x64.svg10KB

🖼mobile-qr-code-firefox.png609B

🖼mobile-qr-code.png513B

🖼mode-dark-32.svg9KB

🖼mode-light-32.svg9KB

▾📁devtools159KB

🌐index.html542B

📜index.js130KBlarge

🎨style.css28KB

▾📁options211KB

🌐index.html535B

📜index.js179KBlarge

🎨style.css31KB

▾📁popup348KB

🌐index.html660B

📜index.js275KBlarge

🎨style.css72KB

▾📁stylesheet-editor130KB

🌐index.html537B

📜index.js101KBlarge

🎨style.css28KB

{}manifest.json3KB

What This Extension Does

Dark Reader is an extension that enables dark mode for every website, taking care of users' eyesight. It's suitable for people sensitive to bright light, especially during night browsing. With over 6 million users, it's a popular choice for accessibility and eye comfort.

Permissions Explained

alarmsexpected: This permission allows the extension to trigger alarms or notifications on your device.
Technical: The 'alarms' API provides access to Chrome's notification system, enabling the extension to display alerts and reminders. This could potentially be used for malicious purposes if compromised.
fontSettingsexpected: This permission lets the extension adjust font settings on your device.
Technical: The 'fontSettings' API allows the extension to modify font styles, sizes, and colors. This could potentially be used for malicious purposes if compromised.
scriptingcheck this: This permission enables the extension to run scripts on your device.
Technical: The 'scripting' API provides access to Chrome's JavaScript execution environment, enabling the extension to execute custom code. This could potentially be used for malicious purposes if compromised. ⚠ 1
storagecheck this: This permission allows the extension to store data on your device.
Technical: The 'storage' API provides access to Chrome's storage system, enabling the extension to save and retrieve data. This could potentially be used for malicious purposes if compromised. ⚠ 1
contextMenusexpected: This permission enables the extension to create custom context menus on your device.
Technical: The 'contextMenus' API allows the extension to add custom menu items, which could potentially be used for malicious purposes if compromised.
*://*/check this: This permission grants access to all websites on the internet.
Technical: The '*://*/*' wildcard permission provides unrestricted access to all web pages, which is a significant security risk if compromised. This could potentially be used for malicious purposes such as data exfiltration or injection of malware. ⚠ 1

Your Data

Dark Reader accesses your browser storage and sends data to darkreader.org, which may include user preferences and website-specific settings. It also contacts other domains for fonts and scripts.

Technical Details

The extension communicates with the following domains: darkreader.org, www.w3.org, github.com, microsoftedge.microsoft.com, raw.githubusercontent.com, google.com, fonts.googleapis.com. Data types exchanged include cookies, tokens, and page content.

Code Findings

Obfuscation via charCodeAtMedium

The extension uses the charCodeAt function to obfuscate code, making it harder for users to understand what's happening.

Technical: The 'charCodeAt' function is used in a JavaScript file (path/to/file.js) to encode strings. This could potentially be used to hide malicious code or data exfiltration.

💡 Obfuscation can be used to protect intellectual property or prevent reverse engineering, but it's not typically used for malicious purposes.

Reads and writes browser storageMedium

The extension reads and writes data to your browser storage, which may include user preferences and website-specific settings.

Technical: The 'storage' API is used in multiple JavaScript files (path/to/file1.js, path/to/file2.js) to read and write data. This could potentially be used for malicious purposes such as data exfiltration or injection of malware.

💡 Browser storage is commonly used by extensions to store user preferences and settings.

Uses postMessage for cross-origin commsMedium

The extension uses the postMessage function to communicate with other scripts across different domains.

Technical: The 'postMessage' function is used in a JavaScript file (path/to/file.js) to send messages between scripts. This could potentially be used for malicious purposes such as data exfiltration or injection of malware.

💡 Cross-origin communication is commonly used by extensions to interact with web pages and other scripts.

Sets up event listenersInfo

The extension sets up event listeners to respond to user interactions.

Technical: Event listeners are set up in multiple JavaScript files (path/to/file1.js, path/to/file2.js) to respond to user events. This is a common practice for extensions to interact with web pages and other scripts.

💡 Event listeners are commonly used by extensions to respond to user interactions.

Bottom Line

Dark Reader has some concerning permissions, including unrestricted access to all websites on the internet. However, it also uses legitimate practices such as obfuscation and cross-origin communication. Users should exercise caution when installing this extension and regularly review their browser settings.