Browse Security AI Extensions Collections
📦

DeepL: translate and write with AI

✨ AI-Powered 🔍 Security Report Available
👥 4M+ users
📦 v1.74.0
💾 53.49MiB
📅 2026-02-16
View on Chrome Web Store

Chrome will indicate if you already have this installed.

Overview

Translate while you read and write with DeepL Translate, the world’s most accurate translator.

Tags

Productivity/communication productivity/communication

Privacy Practices

✅ Does not sell your data to third parties
✅ Does not use data for unrelated purposes

Security Analysis

Analyzed v1.74.0 · Feb 22, 2026 · 13 JS files · 23104 KB scanned

Permissions

activeTab storage contextMenus tabs scripting declarativeNetRequest identity tts alarms webRequest cookies sidePanel *://*.deepl.com/* https://api-test.deepl.com/v1/* https://api.deepl.com/v1/*

Code Patterns Detected

innerHTML assignment — potential XSS vector Makes HTTP requests Listens to keyboard events

External Connections

www.deepl.com w.deepl.com www.w3.org api.deepl.com support.deepl.com www2.deepl.com write-pro.www.deepl.com write-free.www.deepl.com deepl.qualtrics.com addons.mozilla.org s.deepl.com auth.deepl.com +8 more

Package Contents 231 files · 71MB

📁_locales1.9MB
📁ar113KB
{}messages.json113KB
📁cs100KB
{}messages.json100KB
📁de100KB
{}messages.json100KB
📁en96KB
{}messages.json96KB
📁es98KB
{}messages.json98KB
📁fr100KB
{}messages.json100KB
📁id100KB
{}messages.json100KB
📁it98KB
{}messages.json98KB
📁ja105KB
{}messages.json105KB
📁jp23KB
{}messages.json23KB
📁ko101KB
{}messages.json101KB
📁nl98KB
{}messages.json98KB
📁pl100KB
{}messages.json100KB
📁pt_BR98KB
{}messages.json98KB
📁pt_PT98KB
{}messages.json98KB
📁ru120KB
{}messages.json120KB
📁sv100KB
{}messages.json100KB
📁tr99KB
{}messages.json99KB
📁uk122KB
{}messages.json122KB
📁zh_CN92KB
{}messages.json92KB
📁_metadata32KB
{}verified_contents.json32KB
📁build5.2MB
🎨bundle.css158KB
📜bundle.js680KBlarge
🎨content.css147KB
📜content.js1MBlarge
🎨create-account.css4KB
📜create-account.js425KBlarge
🎨onboarding.css12KB
📜onboarding.js468KBlarge
🎨settings-page.css163KB
📜settings-page.js701KBlarge
🎨sidePanel.css164KB
📜sidePanel.js1.3MBlarge
📁images1MB
📁buttons13KB
🖼close-dark.svg270B
🖼close-red.svg635B
🖼close-white.svg217B
🖼close-zendesk.svg219B
🖼close.svg635B
🖼copy-active.svg741B
🖼copy.svg741B
🖼external-link-variant.svg465B
🖼external-link.svg411B
🖼gdocs-replace.svg248B
🖼listen-stop.svg610B
🖼listen.svg551B
🖼menu-icon.svg222B
🖼settings-inline.svg2KB
🖼settings-input-blue.svg1KB
🖼settings-input.svg1KB
🖼settings.svg2KB
🖼turnoff-blue.svg335B
🖼turnoff.svg335B
📁graphics733KB
📁gdocs13KB
🖼onboarding.svg6KB
🖼toolbar_icon_onboarding.svg7KB
📁gslides10KB
🖼onboarding.svg10KB
📁onboarding315KB
📁most-used-apps284KB
🖼add-ins.svg32KB
🖼discord.svg2KB
🖼facebook.svg830B
🖼gdocs.png6KB
🖼gdocs.svg84KB
🖼github.svg3KB
🖼gmail.png5KB
🖼gmail.svg64KB
🖼gslides.png14KB
🖼gslides.svg9KB
🖼msword.svg36KB
🖼reddit.svg4KB
🖼telegram.svg993B
🖼twitter.svg1KB
🖼whatsapp.svg3KB
🖼word-add-in.png16KB
🖼word.svg3KB
🖼youtube.svg1KB
🖼pin-extension.svg1KB
🖼step-2.svg11KB
🖼step-3.svg8KB
🖼step-5.svg10KB
📁zendesk378KB
🖼onboarding.svg378KB
🖼full-page-translation.svg3KB
🖼inline-translation.svg5KB
🖼input-translation.svg5KB
🖼popup-bg-small.svg1KB
🖼popup-bg.svg918B
🖼settings-full-page-translation.svg2KB
📁icons28KB
📁glossary2KB
🖼open-glossary.svg2KB
🖼search.svg320B
📁platformBehaviours1KB
📁gdocs1KB
🖼alternatives.svg834B
🖼segmentation-sentence.svg331B
🖼segmentation-word.svg343B
📁settings4KB
🖼customization-settings.svg365B
🖼general-settings.svg1KB
🖼glossary-settings.svg2KB
🖼linkout.svg456B
📁translators13KB
📁inline2KB
🖼deepl-write.svg381B
🖼on-off.svg1KB
📁input11KB
🖼improve-writing-disabled.svg881B
🖼improve-writing.svg881B
🖼lang-settings-disabled.svg480B
🖼lang-settings.svg480B
🖼on-off-blue.svg1KB
🖼on-off-v2.svg603B
🖼on-off.svg1KB
🖼settings-blue.svg2KB
🖼settings.svg2KB
🖼translate-icon.svg2KB
🖼back_arrow.svg316B
🖼pencil_icon.svg544B
🖼shield-tooltip.svg1000B
🖼shield-white.svg993B
🖼shield.svg996B
🖼translate.svg485B
🖼warning.svg332B
🖼write-icon-blue.svg881B
🖼write-icon.svg881B
🖼write-pencil.svg598B
🖼x-mark-big.svg219B
📁interactive-onboarding8KB
🖼improve-icon.svg2KB
🖼multilingual-icon.svg3KB
🖼translate-icon.svg3KB
🖼Cog8ToothMedium.svg7KB
🖼Cog8ToothSmall.svg7KB
🖼arrow-down-black.svg190B
🖼arrow-down-blue.svg210B
🖼arrow-down-new.svg234B
🖼arrow-down-variant.svg236B
🖼arrow-down-variant2-blue.svg240B
🖼arrow-down-variant2-grey.svg241B
🖼arrow-down-variant2.svg241B
🖼arrow-down.svg190B
🖼arrow-narrow-right.svg229B
🖼arrow-right-long.svg246B
🖼arrow-right-variant.svg228B
🖼arrow-right.svg190B
🖼arrow-up-black.svg192B
🖼arrow-up.svg192B
🖼bg_yellow.svg318B
🖼book-blue.svg539B
🖼book-grey.svg540B
🖼book.svg541B
🖼bottom-position-icon.svg246B
🖼checkmark-white-slim.svg212B
🖼checkmark-white.svg219B
🖼checkmark.svg210B
🖼circle.svg3KB
🖼cog-white.svg1KB
🖼deepl-logo-no-text-disabled.svg2KB
🖼deepl-logo-no-text.svg2KB
🖼deepl-logo-settings.svg5KB
🖼deepl-logo-white-v2.svg5KB
🖼deepl-logo-white.svg2KB
🖼deepl-logo.svg5KB
🖼deepl_128.png2KB
🖼deepl_16.png453B
🖼deepl_32.png746B
🖼deepl_48.png1KB
🖼dots-vertical.svg905B
🖼drag.svg1KB
🖼emoji-happy.svg397B
🖼emoji-sad.svg397B
🖼feedback-link.svg362B
🖼gmail-char-limit-reached.svg1KB
🖼gmail-onboarding-design.svg185KB
🖼gmail-pro-info.svg807B
🖼info-blue.svg337B
🖼info-red.svg337B
🖼info.svg337B
🖼input-selection-trigger.svg738B
🖼left-position-icon.svg310B
🖼rigth-position-icon.svg277B
🖼toggle-on.svg430B
🖼top-position-icon.svg246B
🖼translate-icon.svg349B
🖼translate-languages-icon-disabled.svg300B
🖼translate-languages-icon.svg2KB
🖼userpic.svg899B
🖼write-icon-disabled.svg965B
🖼write-icon.svg2KB
🖼zendesk-settings-bg-lang-not-supported.svg6KB
🖼zendesk-settings-bg.svg7KB
📁tesseract61.5MB
📁lang-data44.7MB
📄ar.traineddata707KB
📄bg.traineddata787KB
📄cs.traineddata1.7MB
📄da.traineddata1.2MB
📄de.traineddata832KB
📄el.traineddata686KB
📄en.traineddata1.9MB
📄es.traineddata1.1MB
📄et.traineddata1.9MB
📄fi.traineddata3.6MB
📄fr.traineddata593KB
📄hu.traineddata2.3MB
📄id.traineddata596KB
📄it.traineddata1.2MB
📄ja.traineddata1.5MB
📄ko.traineddata1.1MB
📄lt.traineddata1.3MB
📄lv.traineddata1.2MB
📄nb.traineddata1.9MB
📄nl.traineddata2.9MB
📄pl.traineddata1.9MB
📄pt.traineddata981KB
📄ro.traineddata1MB
📄ru.traineddata1.5MB
📄sk.traineddata1.8MB
📄sl.traineddata1.2MB
📄sv.traineddata2.4MB
📄tr.traineddata1.9MB
📄uk.traineddata1.5MB
📄zh-Hans.traineddata1.7MB
📜tesseract-core-lstm.wasm.js3.8MBlarge
📜tesseract-core-simd-lstm.wasm.js3.8MBlarge
📜tesseract-core-simd.wasm.js4.5MBlarge
📜tesseract-core.wasm.js4.5MBlarge
📜tesseract.min.js62KBlarge
📜worker.min.js117KBlarge
🌐aknowledgements.html56KB
📜background.js1.2MBlarge
🌐create-account.html413B
🖼favicon.png13KB
🌐firefox-first-run.html432B
🎨global.css331B
🌐index.html408B
{}manifest.json3KB
🌐onboarding-firefox.html418B
🌐onboarding.html417B
🌐privacy-policy.html5KB
🌐publisher.html2KB
{}rules.json436B
{}schema.json1KB
🌐settings.html423B
🌐side-panel.html512B

What This Extension Does

The DeepL: translate and write with AI extension appears to be a productivity tool that allows users to translate text while reading or writing, utilizing the DeepL Translate service.

Permissions Explained

  • activeTab: Allows the extension to access the currently active tab in the browser.
+ Standard for translation extensions.
  • storage: Enables the extension to store data locally on the user's device.
+ Common for extensions that need to remember user settings or cache data.
  • contextMenus: Grants permission to create custom context menus within the browser.
+ Unusual, but possible for an extension with a complex UI.
  • tabs: Allows the extension to interact with tabs in various ways (e.g., creating new tabs, accessing tab metadata).
+ Standard for extensions that need to manage multiple tabs or windows.
  • scripting: Enables the extension to execute scripts within web pages.
+ Unusual, but possible for an extension that needs to inject custom JavaScript into web pages.
  • declarativeNetRequest: Allows the extension to modify network requests made by the browser.
+ Standard for extensions that need to intercept or modify HTTP requests.
  • identity: Grants permission to access user identity information (e.g., username, email).
+ Unusual, but possible if the extension needs to authenticate with a service using the user's credentials.
  • tts (Text-to-Speech): Enables the extension to use the browser's text-to-speech functionality.
+ Standard for extensions that provide accessibility features or read aloud functionality.
  • alarms: Allows the extension to schedule periodic tasks or alarms.
+ Unusual, but possible if the extension needs to perform background tasks at specific intervals.
  • webRequest: Grants permission to intercept and modify web requests made by the browser.
+ Standard for extensions that need to inspect or modify HTTP traffic.
  • cookies: Enables the extension to access and manage cookies set by websites.
+ Unusual, but possible if the extension needs to authenticate with a service using cookie-based authentication.
  • sidePanel: Allows the extension to create a side panel within the browser.
+ Standard for extensions that need to provide additional UI features.

What We Found in the Code

  • [medium] innerHTML assignment — potential XSS vector: This flag is likely due to the use of innerHTML for rendering dynamic content. While this can be a security risk if used with untrusted data, it's also a common pattern in web development for rendering UI elements.
  • [info] Makes HTTP requests: This is expected behavior for an extension that communicates with a remote service (DeepL Translate).
  • [high] Listens to keyboard events: This flag suggests the extension may be using keyboard listeners for shortcuts or other purposes. While this can be unusual, it's also possible if the extension needs to provide complex UI interactions.

External Connections

The extension communicates with the following domains:
  • www.deepl.com (expected)
  • w.deepl.com (expected)
  • api.deepl.com (expected)
  • support.deepl.com (expected)
  • write-pro.www.deepl.com (unexpected, possibly a testing or development domain)
  • write-free.www.deepl.com (unexpected, possibly a testing or development domain)
  • deepl.qualtrics.com (unexpected, possibly for survey or feedback purposes)
  • addons.mozilla.org (unexpected, possibly for Mozilla-specific functionality)
  • s.deepl.com (unexpected, possibly a subdomain used for specific services)
  • auth.deepl.com (expected)

Things to Consider

Based on the extension's name and description, it appears that the permissions declared are generally consistent with its intended functionality. However, some permissions (e.g., scripting, alarms) seem broader than necessary for a translation-focused extension.

Users may want to consider whether the extension's access to user identity information (identity permission) is justified by its stated purpose. Additionally, the use of keyboard listeners and potential XSS vector via innerHTML assignment warrant closer examination of the extension's code and behavior.

Similar Extensions

More in Productivity/communication →
📦

Loom %E2%80%93 Screen Recorder Sc

8M+ users
Record your screen and camera with one click. Share that content in an instant with a link.
Productivity/communication
📦

Quillbot Ai Writing And G

5M+ users
Elevate your writing with QuillBot's AI-powered productivity tools: Grammar Checker, Paraphrasing Tool, AI writer, and m…
Productivity/communication AI
📦

Email Tracker By Mailtrac

3M+ users
Free, unlimited email tracker for Gmail, trusted by millions. Accurate, reliable, GDPR-compliant, and Google-audited.
Productivity/communication
📦

Hubspot Sales

1M+ users
Email tracking, CRM for Gmail, and sales productivity tools in your inbox
Productivity/communication