Take Webpage Screenshots

Name: Security Analysis: Take Webpage Screenshots
Item: Take Webpage Screenshots
Rating: 5
Author: ChromeBoard

🔍 Security Report Available

👥 3M+ users

📦 v2.1.4.7

💾 11.81MiB

📅 2026-01-19

View on Chrome Web Store

Chrome will indicate if you already have this installed.

Overview

FireShot helps you:

• Save receipts, tickets, and order confirmations
• Capture long articles, research, and documentation
• Share design reviews, bug reports, and product ideas
• Keep permanent records of web pages that may change or disappear

🔒 Screenshot is done instantly and stored locally. It never leaves your computer, so it's 100% safe for storing a sensitive information. FireShot can work offline.

🏆 Awarded as "The Best Free Google Chrome Extension (Full Page Screenshot Tool)" by PCMAG.COM

🛑 No spyware and unnecessary permissions - you're just in a couple of clicks away from an ideal screenshot.

Top 7️⃣ reasons to install FireShot:

1️⃣ Save screenshot to disk as PDF (with links), PNG, and JPEG
2️⃣ Capture entire page, visible part of the web page or just a selection
3️⃣ Automatically capture all tabs to PDF or image 🔥 (https://getfireshot.com/demos/capture-all-tabs.php)
4️⃣ Provide a list of URLs for an automatic batch capturing process 🔥 (https://getfireshot.com/demos/capture-website-urls.php)
5️⃣ Attach screenshot to Gmail
6️⃣ Copy screenshot to clipboard
7️⃣ Print

### An upgrade is available. Activate it directly from the menu and:

✓ PDF with direct links and text, can be saved as a single page or split to pages
✓ Capture specific elements, such as scrolling areas on web pages (https://getfireshot.com/selection.php)
✓ Capture all tabs in one click and save to single PDF (https://getfireshot.com/demos/capture-all-tabs.php)
✓ Edit: crop, resize, add text and arrow annotations, blur areas and apply other effects
✓ Send to OneNote (Pro version)
✓ Save captures to disk as PNG, GIF, JPEG, BMP
✓ Upload to Twitter, ImageShack, Flickr, EasyCaptures, custom FTP or HTTP servers
✓ Copy to clipboard
✓ Print
✓ E-Mail
✓ Export captures to external editor
✓ Add page information to screenshot (URL, title, time, domain, etc)

Privacy Practices

✓ Not being sold to third parties, outside of the approved use cases

✓ Not being used or transferred for purposes that are unrelated to the item's core functionality

✓ Not being used or transferred to determine creditworthiness or for lending purposes

v2.1.4.7 Info Scanned Mar 5, 2026

Security Analysis — Take Webpage Screenshots

Analyzed v2.1.4.7 · Mar 5, 2026 · 29 JS files · 4968 KB scanned

Permissions

Code Patterns Detected

External Connections

www.w3.org getfireshot.com reactjs.org ssl.getfireshot.com mail.google.com auth.getfireshot.com github.com screenshot-program.com www.example.com docs.sentry.io tinyurl.com bit.ly +8 more

Package Contents 179 files · 39MB

▾📁_locales762KB

▾📁af7KB

{}messages.json7KB

▾📁ar33KB

{}messages.json33KB

▾📁bs7KB

{}messages.json7KB

▾📁ca7KB

{}messages.json7KB

▾📁cs12KB

{}messages.json12KB

▾📁da29KB

{}messages.json29KB

▾📁de30KB

{}messages.json30KB

▾📁el10KB

{}messages.json10KB

▾📁en27KB

{}messages.json27KB

▾📁es30KB

{}messages.json30KB

▾📁et7KB

{}messages.json7KB

▾📁fa9KB

{}messages.json9KB

▾📁fi29KB

{}messages.json29KB

▾📁fr30KB

{}messages.json30KB

▾📁gl7KB

{}messages.json7KB

▾📁gu10KB

{}messages.json10KB

▾📁hu8KB

{}messages.json8KB

▾📁id7KB

{}messages.json7KB

▾📁is7KB

{}messages.json7KB

▾📁it30KB

{}messages.json30KB

▾📁ja32KB

{}messages.json32KB

▾📁kn11KB

{}messages.json11KB

▾📁ko29KB

{}messages.json29KB

▾📁ml12KB

{}messages.json12KB

▾📁ms7KB

{}messages.json7KB

▾📁nb7KB

{}messages.json7KB

▾📁ne11KB

{}messages.json11KB

▾📁nl29KB

{}messages.json29KB

▾📁pl30KB

{}messages.json30KB

▾📁pt30KB

{}messages.json30KB

▾📁pt_BR17KB

{}messages.json17KB

▾📁ro7KB

{}messages.json7KB

▾📁ru37KB

{}messages.json37KB

▾📁si11KB

{}messages.json11KB

▾📁sk7KB

{}messages.json7KB

▾📁sl7KB

{}messages.json7KB

▾📁sq7KB

{}messages.json7KB

▾📁sv29KB

{}messages.json29KB

▾📁te10KB

{}messages.json10KB

▾📁th11KB

{}messages.json11KB

▾📁tl7KB

{}messages.json7KB

▾📁tr7KB

{}messages.json7KB

▾📁uk9KB

{}messages.json9KB

▾📁vi7KB

{}messages.json7KB

▾📁zh_CN27KB

{}messages.json27KB

▾📁zh_TW27KB

{}messages.json27KB

▾📁_metadata23KB

{}verified_contents.json23KB

▾📁css355KB

▾📁vue120KB

🎨chunk-vendors.css115KB

🎨vue-index.css5KB

🎨bootstrap.min.css110KB

🎨bootstrap.original.min.css107KB

🎨fsautomationbanner.css3KB

🎨fscaptured.css6KB

🎨fshistory.css2KB

🎨fsmodal.css640B

🎨fspopup.css5KB

🎨fsselection.css2KB

▾📁fonts144KB

📄glyphicons-halflings-regular.eot20KB

🖼glyphicons-halflings-regular.svg61KB

🔤glyphicons-halflings-regular.ttf40KB

🔤glyphicons-halflings-regular.woff23KB

▾📁images564KB

▾📁progress15KB

🖼frame-1.png529B

🖼frame-10.png535B

🖼frame-11.png541B

🖼frame-12.png516B

🖼frame-13.png531B

🖼frame-14.png503B

🖼frame-15.png506B

🖼frame-16.png525B

🖼frame-17.png518B

🖼frame-18.png492B

🖼frame-19.png502B

🖼frame-2.png535B

🖼frame-20.png480B

🖼frame-21.png521B

🖼frame-22.png519B

🖼frame-23.png542B

🖼frame-24.png541B

🖼frame-25.png546B

🖼frame-26.png536B

🖼frame-27.png518B

🖼frame-28.png520B

🖼frame-29.png520B

🖼frame-3.png484B

🖼frame-30.png499B

🖼frame-4.png498B

🖼frame-5.png488B

🖼frame-6.png513B

🖼frame-7.png531B

🖼frame-8.png538B

🖼frame-9.png525B

🖼arrow.png209B

🖼batch.png871B

🖼bullet.png346B

🖼capture_mode_browser.png222B

🖼capture_mode_full.png346B

🖼capture_mode_selected.png281B

🖼capture_mode_tabs.png220B

🖼capture_mode_visible.png317B

🖼copy.gif229KB

🖼download.png14KB

🖼gmail_permissions.png19KB

🖼gmail_permissions_mac.png53KB

🖼marker.png153B

🖼misc.png14KB

🖼nativestep1-opera.png18KB

🖼nativestep1.png29KB

🖼nativestep2.png24KB

🖼not-available.png19KB

🖼options.png1KB

🖼permissions.png14KB

🖼plus.png308B

🖼promo-back.svg9KB

🖼promo-feature-capturing.png2KB

🖼promo-feature-edit.png3KB

🖼promo-feature-noads.png3KB

🖼promo-feature-pdf.png2KB

🖼promo-fs-payment-methods.png20KB

🖼promo-pro-logo.png10KB

🖼quicklaunch.png753B

🖼rocket.png794B

🖼rolling.gif37KB

🖼scrollable.gif3KB

🖼sss_128.png14KB

🖼sss_16.png594B

🖼sss_19.png790B

🖼sss_32.png2KB

🖼sss_48.png3KB

🖼stop.png3KB

▾📁native31.9MB

📄fireshot-chrome-plugin.dat710KB

📄sss-x64.dat21.4MB

📄sss.dat9.8MB

▾📁scripts5.1MB

▾📁3p1.6MB

📜bootstrap.min.js31KB

📜inboxsdk.js1.3MBlarge

📜jquery-3.3.1.min.js85KBlarge

📜pageWorld.js212KBlarge

▾📁enc314KB

📜fsEncoder.js32KB

⚙fsEncoder.wasm266KB

📜fsWorker.js17KB

▾📁history399KB

📜bundle.js399KBlarge

▾📁page64KB

📜fsAPIEvents.js1KB

📜fsActivation.js1KB

📜fsAutomationBanner.js3KB

📜fsContent.js54KBlarge

📜fsFrames.js5KB

▾📁vue763KB

📜chunk-vendors.js701KBlarge

📜vue-index.js62KBlarge

📜fsCaptureList.js208KBlarge

📜fsCaptured.js234KBlarge

📜fsCopilotLimited.js88KBlarge

📜fsEnterLicense.js94KBlarge

📜fsLicensingInfoPopup.js208KBlarge

📜fsMigrateOptions.js645B

📜fsNativeInstall.js96KBlarge

📜fsOptions.js217KBlarge

📜fsPDFSettings.js87KBlarge

📜fsPermissions.js89KBlarge

📜fsPopup.js226KBlarge

📜fsProgress.js88KBlarge

📜fsPromoDialog.js87KBlarge

📜fsServiceWorker.js244KBlarge

📜fsTabsPermissionPopup.js86KBlarge

🌐fsCaptureList.html10KB

🌐fsCaptured.html37KB

🌐fsCopilotLimited.html3KB

🌐fsEnterLicense.html12KB

🌐fsGmailPermissions.html7KB

🌐fsHistory.html609B

🌐fsLicensingInfoPopup.html8KB

🌐fsMigrateOptions.html230B

🌐fsNativeInstall.html9KB

🌐fsOptions.html20KB

🌐fsPDFSettings.html1KB

🌐fsPermissions.html7KB

🌐fsPopup.html13KB

🌐fsProgress.html2KB

🌐fsPromoDialog.html8KB

🌐fsTabsPermissionPopup.html2KB

{}manifest.json2KB

What This Extension Does

The Take Webpage Screenshots extension, also known as FireShot, allows users to capture full webpage screenshots, edit them, and save them to various formats. It's designed for productivity and development purposes, helping users save receipts, tickets, and order confirmations, among other tasks.

Permissions Explained

storageexpected: This permission allows the extension to store data locally on your device.
Technical: The extension has access to Chrome's storage API, which enables it to save and retrieve data from local storage. This includes storing screenshots, configuration settings, and other user-generated content.
alarmsexpected: This permission allows the extension to schedule tasks or reminders in the background.
Technical: The extension uses Chrome's alarms API to schedule tasks, such as uploading screenshots or sending notifications. This can be used for legitimate purposes like reminding users about uploaded files.
scriptingexpected: This permission allows the extension to execute scripts in the background.
Technical: The extension uses Chrome's scripting API to execute JavaScript code, which enables features like screenshot editing and uploading. This can be used for legitimate purposes like automating tasks or enhancing user experience.
activeTabexpected: This permission allows the extension to access the currently active tab's content.
Technical: The extension uses Chrome's activeTab API to access the current tab's URL, title, and other metadata. This enables features like automatic screenshot capture and editing.
nativeMessagingcheck this: This permission allows the extension to communicate with native applications on your device.
Technical: The extension uses Chrome's nativeMessaging API to communicate with external applications, which can be used for legitimate purposes like integrating with other productivity tools. However, this also introduces a potential attack surface if compromised. ⚠ 1
contextMenusexpected: This permission allows the extension to create custom context menus in Chrome.
Technical: The extension uses Chrome's contextMenus API to create custom menus, which enables features like screenshot editing and uploading. This can be used for legitimate purposes like enhancing user experience.
tabsexpected: This permission allows the extension to access and manipulate tabs in Chrome.
Technical: The extension uses Chrome's tabs API to access and manipulate tabs, which enables features like automatic screenshot capture and editing. This can be used for legitimate purposes like automating tasks or enhancing user experience.
downloadsexpected: This permission allows the extension to download files from the web.
Technical: The extension uses Chrome's downloads API to download files, which enables features like saving screenshots in various formats. This can be used for legitimate purposes like saving receipts or tickets.

Your Data

The extension accesses data on your device through local storage and the active tab's content. It sends data to various domains, including getfireshot.com, mail.google.com, and auth.getfireshot.com.

Technical Details

The extension makes XHR requests to various domains, including www.w3.org, getfireshot.com, reactjs.org, ssl.getfireshot.com, mail.google.com, auth.getfireshot.com, github.com, screenshot-program.com, www.example.com, docs.sentry.io, tinyurl.com, and bit.ly. It also uses the Fetch API to make requests. The extension stores data locally on your device through Chrome's storage API.

Code Findings

Loads external scripts in service workerHigh

This means that the extension loads JavaScript code from an external source, which can potentially introduce security risks if compromised.

Technical: The extension uses a service worker to load external scripts, which enables features like screenshot editing and uploading. However, this also introduces a potential attack surface if compromised.

💡 This pattern is commonly used in legitimate extensions for automating tasks or enhancing user experience.

innerHTML assignment — potential XSS vectorMedium

This means that the extension uses a potentially vulnerable method to assign HTML content, which can be exploited by attackers if not properly sanitized.

Technical: The extension uses innerHTML assignment in certain code paths, which can be used as an XSS vector if not properly sanitized. This is a common pattern in web development, but it requires careful attention to security best practices.

💡 This pattern is commonly used in legitimate extensions for rendering HTML content or editing user input.

Creates script elements dynamicallyHigh

This means that the extension creates new script elements at runtime, which can potentially introduce security risks if compromised.

Technical: The extension uses dynamic script creation to load external scripts or execute JavaScript code. This introduces a potential attack surface if compromised.

💡 This pattern is commonly used in legitimate extensions for automating tasks or enhancing user experience.

Captures keystrokesCritical

This means that the extension has access to your keyboard input, which can be used for malicious purposes if compromised.

Technical: The extension uses Chrome's keyboard API to capture keystrokes, which enables features like automatic screenshot editing and uploading. However, this also introduces a significant security risk if compromised.

💡 This pattern is not commonly used in legitimate extensions, as it can be considered an overreach of permissions.

Bottom Line

The Take Webpage Screenshots extension has some concerning findings, including the use of nativeMessaging and dynamic script creation. However, these features are also used by legitimate extensions for automating tasks or enhancing user experience. The extension's data exposure is moderate, with access to local storage and active tab content. Users should exercise caution when installing this extension and monitor its behavior closely.