ExtensionPedia
ImTranslator: Translator, Dictionary, TTS

ImTranslator: Translator, Dictionary, TTS

Translator, Dictionary, Voice

Risk Analysis CVEs Behavioral Detections Permissions Host Permissions Secrets Privacy policy
Send Feedback
Risk Summary

2.7 /10

Low Risk

For extension version 18.0

Latest Version
Critical Permissions Severity
1 CVE
Updated Version Age
Manifest V3
Available in Chrome Web Store
Privacy Policy Available
Fair Engagement Rate
CVEs (1)
ID Severity CVSS
CVE-2026-0540

DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 729097f, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements (noscript, xmp, noembed, noframes, iframe) in the SAFE_FOR_XML regex. Attackers can include payloads like </noscript><img src=x onerror=alert(1)> in attribute values to execute JavaScript when sanitized output is placed inside these unprotected rawtext contexts.

Moderate
6.1
Behavioral Detections

Behavioral Detections

Unlock the full MITRE ATT&CK matrix

Request a Demo
Permissions (4)
Name Severity
Scripting

Extensions with the scripting permission can inject and execute code in web pages, which can potentially be used for data exfiltration or session hijacking (requires host permissions, available since Manifest V3).

Critical
Tabs

Extensions with the tabs permission can query the url, pendingUrl, title, and favIconUrl of any tab.

High
Context Menus

Extensions with the contextMenus permission can add items to the browser's context menu (also known as the right-click menu).

Medium
Storage

Extensions with the storage permission can store and retrieve user data, which can persist even after clearing the cache and browsing history.

Medium
Host Permissions (2)
http://*/*
https://*/*
Secrets

Not Scanned

This extension has not been scanned for embedded secrets yet

Privacy Policy

Privacy Policy

Unlock privacy policy risk assessment

Request a Demo