Anydoc Translator Transla
✨ AI-Powered 🔍 Security Report Available View on Chrome Web StoreChrome will indicate if you already have this installed.
Overview
Free AI Translation Plugin – Fast, Accurate, and Perfectly Preserves Formatting.
Supports translation of web pages, documents, text, and bilingual subtitles for videos. Compatible with multiple AI models, including ChatGPT, DeepSeek, and Gemini. Whether for studying, research, or watching foreign-language videos, it helps you handle everything with ease.
🌟 Core Features
1 Web Page Translation 🌐
Supports one-click webpage translation, automatically detects the language, and instantly turns any foreign website into a bilingual reading experience. Whether for casual browsing or serious study, the smart side-by-side layout makes understanding effortless.
Supports webpage screenshot functionality, allowing you to save the translated page as an image with one click.
2 Word & Phrase Translation 🖱️
Simply highlight any word or sentence to receive instant, accurate translation. Also supports AI-powered word explanations to help you stay focused while exploring new languages — perfect for deep reading or relaxed learning.
3 Document & Image Translation 📄
Upload files with one click to receive accurate translations while preserving the original formatting — no need to manually adjust fonts, tables, or images.
Supports 30+ file formats, including PDF, Word, PowerPoint, and all image formats — ideal for both daily work and professional use.
Academic Mode — Perfect for research papers, theses, and scholarly articles. Equations, citations, and references are precisely retained and compatible with platforms like arXiv, Core, and MDPI.
4 Multi-Model Powered Translator
Choose the most suitable AI engine for your task — supports DeepSeek, ChatGPT, Gemini, Claude Haiku, and more. Whether you prioritize speed, translation quality, or free usage, Anydoc lets you switch effortlessly to get smarter, context-aware translations tailored to your needs.
5 Right-to-Left Language Support
Accurately translates into RTL languages such as Arabic, Hebrew, and Urdu, while fully respecting the original layout. Paragraphs, punctuation, bullet points, and images are perfectly mirrored, delivering a polished, ready-to-publish RTL output.
6 Video Subtitle Translation 🎬
Open any YouTube video and generate bilingual subtitles with one click. Supports automatic timeline alignment, ensuring every line matches the scene precisely. Whether learning a language, watching international lectures, or enjoying entertainment content, you can overcome language barriers and enjoy a smooth, immersive viewing experience.
👥 Ideal For
📚 Students & Researchers — Easily read academic papers, textbooks, and scientific literature.
🌐 Language Enthusiasts & Learners — Practice languages and understand cultures with bilingual content.
💻 Developers & Tech Professionals — Quickly grasp technical documentation and forum discussions.
📑 Business & Corporate Users — Accurate translations for contracts, emails, and official documents.
📖 Global Literature & Web Fiction Fans — Enjoy foreign novels, fanfiction, and online stories.
🔵 Try Anydoc Translator and experience the power of language freedom! 🔵
Membership Benefits: Provides high-quality translation powered by leading AI models such as DeepSeek, ChatGPT (OpenAI), Claude Haiku, and Gemini (Google). Supports unlimited page translations and watermark-free document export. Current pricing: 3-day trial free, $7.99 per month, or $71.88 per year.
Tags
Privacy Practices
Security Analysis — Anydoc Translator Transla
Permissions
Code Patterns Detected
External Connections
Package Contents 165 files · 7.4MB
What This Extension Does
The Anydoc Translator Transla extension provides AI-powered translation capabilities for web pages, documents, text, images, and video subtitles. It supports multiple languages and models, making it a useful tool for students, researchers, language learners, developers, and business users. However, its broad permissions and potential code vulnerabilities raise some concerns.
Permissions Explained
- contextMenusexpected: This permission allows the extension to add custom context menu items to web pages.
Technical: Chrome API: chrome.contextMenus.create() - allows injection of arbitrary HTML and JavaScript code into the page's context menu. - storageexpected: This permission enables the extension to store data locally on your device.
Technical: Chrome API: chrome.storage.local.get/set() - allows access to local storage, which can be used for storing sensitive user data or tracking behavior. - unlimitedStoragecheck this: This permission grants the extension unlimited storage capacity on your device.
Technical: Chrome API: chrome.storage.local.get/set() with no quota restrictions - allows for potentially large-scale data storage, which can be used for tracking or storing sensitive user data. ⚠ 1 - clipboardWritecheck this: This permission enables the extension to write data to your clipboard.
Technical: Chrome API: chrome.clipboard.write() - allows arbitrary text or HTML code to be written to the clipboard, potentially leading to XSS attacks. ⚠ 1 - tabsexpected: This permission grants the extension access to your browsing history and tabs.
Technical: Chrome API: chrome.tabs.get() - allows access to tab metadata, including URL, title, and content scripts. - scriptingcheck this: This permission enables the extension to execute arbitrary JavaScript code on web pages.
Technical: Chrome API: chrome.tabs.executeScript() - allows injection of custom scripts into web pages, potentially leading to XSS attacks or data exfiltration. ⚠ 1 - activeTabexpected: This permission grants the extension access to your currently active tab.
Technical: Chrome API: chrome.tabs.get() - allows access to tab metadata, including URL and content scripts. - cookiescheck this: This permission enables the extension to read and write cookies on web pages.
Technical: Chrome API: chrome.cookies.get/set() - allows access to cookie data, potentially leading to session hijacking or tracking. ⚠ 1 - nativeMessagingcheck this: This permission grants the extension access to native messaging APIs on your device.
Technical: Chrome API: chrome.runtime.connectNative() - allows communication with native applications, potentially leading to data exfiltration or privilege escalation. ⚠ 1 - *://*/*check this: This permission grants the extension access to all web pages and domains.
Technical: Chrome API: chrome.tabs.get() with wildcard host permissions - allows arbitrary injection of scripts or data into any web page, potentially leading to XSS attacks or data exfiltration. ⚠ 1
Your Data
The extension accesses your browsing history, cookies, and clipboard content. It also sends data to various translation APIs, including Yandex Translate, Google Translate, and Microsoft Translator.
Technical Details
Code Findings
The extension dynamically imports JavaScript files using the import() function, which can potentially lead to code injection attacks.
Technical: The extension uses the import() function to load JavaScript files from its own directory. This allows for arbitrary code execution and potential code injection attacks.
💡 Dynamic JS import is commonly used in legitimate extensions to load custom scripts or libraries.
The extension assigns innerHTML values to elements, which can potentially lead to XSS attacks.
Technical: The extension uses the innerHTML property to assign arbitrary HTML code to elements. This allows for potential XSS attacks or data exfiltration.
💡 innerHTML assignment is commonly used in legitimate extensions to inject custom content into web pages.
The extension uses charCodeAt() and unescape() functions, which can potentially lead to code obfuscation or data exfiltration.
Technical: The extension uses the charCodeAt() function to manipulate character codes, and the unescape() function to decode escaped characters. This allows for potential code obfuscation or data exfiltration.
💡 charCodeAt() and unescape() are commonly used in legitimate extensions to perform string manipulation or decoding.
The extension makes XHR requests to various translation APIs, which can potentially lead to data exfiltration or tracking.
Technical: The extension uses the XMLHttpRequest object to make requests to the following domains: www.w3.org, translate.yandex.net, translate-pa.googleapis.com, api-edge.cognitive.microsofttranslator.com, edge.microsoft.com, ovs-shopwindow-server.wps.com, transmart.qq.com, api.wps.com, account.wps.com, www.google-analytics.com, checkout.wps.com, feross.org.
💡 XHR requests are commonly used in legitimate extensions to communicate with external APIs or services.
The extension uses the Fetch API to make requests to various translation APIs, which can potentially lead to data exfiltration or tracking.
Technical: The extension uses the Fetch API to make requests to the following domains: www.w3.org, translate.yandex.net, translate-pa.googleapis.com, api-edge.cognitive.microsofttranslator.com, edge.microsoft.com, ovs-shopwindow-server.wps.com, transmart.qq.com, api.wps.com, account.wps.com, www.google-analytics.com, checkout.wps.com, feross.org.
💡 Fetch API is commonly used in legitimate extensions to communicate with external APIs or services.
The extension runs on all web pages, which can potentially lead to data exfiltration or tracking.
Technical: The extension has a wildcard host permission (*://*/*), allowing it to inject scripts or data into any web page.
💡 Wildcard host permissions are commonly used in legitimate extensions to provide universal functionality.
The extension has broad host permissions, which can potentially lead to data exfiltration or privilege escalation.
Technical: The extension has a wildcard host permission (*://*/*), allowing it to inject scripts or data into any web page. This also allows for potential data exfiltration or privilege escalation.
💡 Wildcard host permissions are commonly used in legitimate extensions to provide universal functionality.
The extension creates custom context menu items, which can potentially lead to code injection attacks or data exfiltration.
Technical: The extension uses the chrome.contextMenus.create() function to create custom context menu items. This allows for potential code injection attacks or data exfiltration.
💡 Context menu creation is commonly used in legitimate extensions to provide custom functionality.
The extension uses the postMessage() function to communicate with other scripts across origins, which can potentially lead to data exfiltration or tracking.
Technical: The extension uses the postMessage() function to send messages to other scripts across origins. This allows for potential data exfiltration or tracking.
💡 postMessage() is commonly used in legitimate extensions to communicate with external APIs or services.
The extension sets up event listeners, which can potentially lead to data exfiltration or tracking.
Technical: The extension uses the addEventListener() function to set up event listeners. This allows for potential data exfiltration or tracking.
💡 Event listener setup is commonly used in legitimate extensions to provide custom functionality.
While the Anydoc Translator Transla extension provides useful translation capabilities, its broad permissions and potential code vulnerabilities raise some concerns. Users should exercise caution when installing this extension and regularly review its behavior to ensure it aligns with their expectations.
