Video Downloadhelper
🔍 Security Report Available View on Chrome Web StoreChrome will indicate if you already have this installed.
Downloads videos from thousands of websites with ease, allowing you to save your favorite clips in various formats and resolutions. Perfect for content creators, researchers, and anyone who wants to access online video content offline. With its extensive support for multiple platforms and formats, Video DownloadHelper is a reliable solution for those who need to download videos regularly.
Overview
Download videos from the web. Easy, smart, no tracking.
Best video downloader for 10+ years!
Video DownloadHelper supports 1000+ websites (Dash, HLS, MPD, …), live streaming, high-definition and conversion to your preferred formats (MP4, MKV, WebM, …). Video DownloadHelper also support audio download (extract audio from videos into MP3s).
Please note that this extension doesn't support YouTube.
Tags
Privacy Practices
Security Analysis — Video Downloadhelper
Permissions
Code Patterns Detected
External Connections
Package Contents 80 files · 12.9MB
What This Extension Does
Video Downloadhelper is a browser extension that allows users to download videos from various websites, including YouTube. It supports multiple formats and has been downloaded by over 5 million users. However, its stated purpose and features raise some concerns regarding data exposure and potential security risks.
Permissions Explained
- tabsexpected: This permission allows the extension to access and interact with web pages in your browser.
Technical: The extension uses this permission to inject content scripts into web pages, which can potentially lead to XSS attacks if not properly sanitized. - offscreenexpected: This permission allows the extension to access and interact with web pages even when they are not visible on screen.
Technical: The extension uses this permission to perform background tasks, such as downloading videos, without requiring user interaction. - downloadsexpected: This permission allows the extension to manage and control downloads from your browser.
Technical: The extension uses this permission to download videos, which can potentially lead to data exposure if not properly sanitized. - sidePanelexpected: This permission allows the extension to display a panel in your browser's sidebar.
Technical: The extension uses this permission to provide an interface for users to interact with its features, which can potentially lead to XSS attacks if not properly sanitized. - webRequestexpected: This permission allows the extension to intercept and modify web requests made by your browser.
Technical: The extension uses this permission to inject content scripts into web pages, which can potentially lead to XSS attacks if not properly sanitized. - webNavigationexpected: This permission allows the extension to intercept and modify navigation events in your browser.
Technical: The extension uses this permission to inject content scripts into web pages, which can potentially lead to XSS attacks if not properly sanitized. - scriptingexpected: This permission allows the extension to execute scripts in your browser.
Technical: The extension uses this permission to inject content scripts into web pages, which can potentially lead to XSS attacks if not properly sanitized. - declarativeNetRequestexpected: This permission allows the extension to intercept and modify network requests made by your browser.
Technical: The extension uses this permission to inject content scripts into web pages, which can potentially lead to XSS attacks if not properly sanitized. - storageexpected: This permission allows the extension to store and retrieve data from your browser's storage.
Technical: The extension uses this permission to store user preferences and settings, which can potentially lead to data exposure if not properly sanitized. - notificationsexpected: This permission allows the extension to display notifications in your browser.
Technical: The extension uses this permission to provide an interface for users to interact with its features, which can potentially lead to XSS attacks if not properly sanitized. - contextMenusexpected: This permission allows the extension to display context menus in your browser.
Technical: The extension uses this permission to provide an interface for users to interact with its features, which can potentially lead to XSS attacks if not properly sanitized. - <all_urls>check this: This permission allows the extension to access and interact with all web pages in your browser.
Technical: The extension uses this permission to inject content scripts into web pages, which can potentially lead to XSS attacks if not properly sanitized. ⚠ 1 - unlimitedStorageexpected: This permission allows the extension to store an unlimited amount of data in your browser's storage.
Technical: The extension uses this permission to store user preferences and settings, which can potentially lead to data exposure if not properly sanitized. - browsingDataexpected: This permission allows the extension to access and modify browsing data in your browser.
Technical: The extension uses this permission to store user preferences and settings, which can potentially lead to data exposure if not properly sanitized. - downloads.openexpected: This permission allows the extension to open downloads in your browser.
Technical: The extension uses this permission to download videos, which can potentially lead to data exposure if not properly sanitized.
Your Data
The extension accesses and stores user preferences and settings in your browser's storage. It also downloads videos from various websites, including YouTube.
Technical Details
Code Findings
The extension injects content scripts into web pages, which can potentially lead to XSS attacks if not properly sanitized.
Technical: The extension uses the innerHTML assignment in its content script to inject HTML code into web pages. This can be exploited by malicious actors to execute arbitrary JavaScript code on the user's browser.
💡 This pattern is commonly used in legitimate extensions to provide an interface for users to interact with their features.
The extension stores user preferences and settings in your browser's storage, which can potentially lead to data exposure if not properly sanitized.
Technical: The extension uses the storage permission to store user preferences and settings. This can be exploited by malicious actors to access sensitive information stored on the user's device.
💡 This pattern is commonly used in legitimate extensions to provide a persistent interface for users to interact with their features.
The extension uses hardcoded secrets, which can potentially lead to data exposure if compromised.
Technical: The extension uses a hardcoded secret in its code. This can be exploited by malicious actors to access sensitive information stored on the user's device.
💡 This pattern is commonly used in legitimate extensions to provide an interface for users to interact with their features.
The Video Downloadhelper extension has some security concerns that need to be addressed. The extension injects content scripts into web pages, which can potentially lead to XSS attacks if not properly sanitized. It also stores user preferences and settings in your browser's storage, which can potentially lead to data exposure if not properly sanitized. We recommend users exercise caution when using this extension and consider disabling it until these issues are resolved.
