Deepl Translate And Write

Name: Security Analysis: Deepl Translate And Write
Item: Deepl Translate And Write
Rating: 5
Author: ChromeBoard

✨ AI-Powered 🔍 Security Report Available

👥 4M+ users

📦 v1.74.0

💾 53.49MiB

📅 2026-02-16

View on Chrome Web Store

Chrome will indicate if you already have this installed.

Overview

Stay informed, work smarter, and communicate globally without leaving your browser.

Trusted by millions across the globe, DeepL’s Language AI delivers unmatched accuracy and fluency to help you scale faster and bring clarity and efficiency into your daily work. All of that, with the highest levels of data security.

Easy to use, hard to beat!

The DeepL extension integrates seamlessly into your workflows, eliminating manual and time-consuming tasks.
No more losing context by switching tabs or apps!
With just a few clicks or by using shortcuts you can customize, the DeepL extension helps you do the following:

🌍 Translate while browsing
Do your research and stay up-to-date with information in the language of your choice. With the DeepL extension, you can:

- Translate sections on the go
- Translate entire pages (unlimited with DeepL Pro)
- Automate page translation (only with DeepL Pro)

✍️ Get translation and writing assistance for emails and documents
For your productivity, DeepL is integrated into Google Workspace with direct translation and writing assistance in Gmail, Google Docs, and Google Slides.

Read and write emails, and create and edit various documents, including papers, presentations, and reports. Adapt your work instantly to your audience, objectives, and standards:

- Translate where you work, with possible alternatives and a dictionary
- Get text corrections and suggestions for more clarity and adapt your writing style
- Apply your company, domain, or client glossaries to your documents (with DeepL Pro)

🚀 Translate and polish your comms on the spot
DeepL is also integrated into content, messaging, and social media platforms—YouTube, WhatsApp, LinkedIn, and X.

Stay in touch and exchange with your peers, partners and collaborators effectively, with instant translation and writing assistance:

- Send clear replies tailored to your goals and audience
- Engage with multilingual communities in a timely and relevant manner and extend your reach

DeepL supports translation for 30+ languages and offers writing assistance for 5+ languages with an ever-growing language portfolio.

Key information

🤝 Plans
The free version of the DeepL extension comes with character limitations.
In addition, some of our features, such as the glossary or the automated page translation, are only available to DeepL Pro and DeepL Write Pro users.

Learn more about all the advantages of DeepL Pro and DeepL Write Pro and find your plan: deepl.com/pro

🔐 Data security
The security of your data is our top priority. Per our terms and conditions at deepl.com/en/pro-license, both DeepL Pro and DeepL Write Pro don’t store or use your content to enhance our service, unless you actively agree to it, allowing you to securely translate and refine content containing personal data. However, the free version of our service may use submitted content to improve the DeepL algorithms for all users. Therefore, users shouldn't process any confidential or personal data through the free version. Learn more about our robust security measures and commitment to privacy: deepl.com/pro-data-security

Reimagine business communication with DeepL's Language AI platform
Read more about our solutions: deepl.com/en/whydeepl

Privacy Practices

✓ Not being sold to third parties, outside of the approved use cases

✓ Not being used or transferred for purposes that are unrelated to the item's core functionality

✓ Not being used or transferred to determine creditworthiness or for lending purposes

🔄 New version v1.74.0 detected — scan automatically queued.

v1.78.0 Info Scanned Mar 5, 2026

Security Analysis — Deepl Translate And Write

Analyzed v1.78.0 · Mar 5, 2026 · 13 JS files · 23184 KB scanned

Permissions

Code Patterns Detected

External Connections

www.deepl.com w.deepl.com www.w3.org api.deepl.com support.deepl.com www2.deepl.com write-pro.www.deepl.com write-free.www.deepl.com deepl.qualtrics.com addons.mozilla.org s.deepl.com ecosystem-link.www.deepl.com +8 more

Package Contents 231 files · 71.1MB

▾📁_locales1.9MB

▾📁ar113KB

{}messages.json113KB

▾📁cs100KB

{}messages.json100KB

▾📁de100KB

{}messages.json100KB

▾📁en96KB

{}messages.json96KB

▾📁es98KB

{}messages.json98KB

▾📁fr100KB

{}messages.json100KB

▾📁id100KB

{}messages.json100KB

▾📁it98KB

{}messages.json98KB

▾📁ja105KB

{}messages.json105KB

▾📁jp23KB

{}messages.json23KB

▾📁ko101KB

{}messages.json101KB

▾📁nl98KB

{}messages.json98KB

▾📁pl100KB

{}messages.json100KB

▾📁pt_BR98KB

{}messages.json98KB

▾📁pt_PT98KB

{}messages.json98KB

▾📁ru120KB

{}messages.json120KB

▾📁sv100KB

{}messages.json100KB

▾📁tr99KB

{}messages.json99KB

▾📁uk122KB

{}messages.json122KB

▾📁zh_CN92KB

{}messages.json92KB

▾📁_metadata32KB

{}verified_contents.json32KB

▾📁build5.3MB

🎨bundle.css158KB

📜bundle.js681KBlarge

🎨content.css147KB

📜content.js1MBlarge

🎨create-account.css4KB

📜create-account.js425KBlarge

🎨onboarding.css12KB

📜onboarding.js468KBlarge

🎨settings-page.css163KB

📜settings-page.js701KBlarge

🎨sidePanel.css181KB

📜sidePanel.js1.4MBlarge

▾📁images1MB

▾📁buttons13KB

🖼close-dark.svg270B

🖼close-red.svg635B

🖼close-white.svg217B

🖼close-zendesk.svg219B

🖼close.svg635B

🖼copy-active.svg741B

🖼copy.svg741B

🖼external-link-variant.svg465B

🖼external-link.svg411B

🖼gdocs-replace.svg248B

🖼listen-stop.svg610B

🖼listen.svg551B

🖼menu-icon.svg222B

🖼settings-inline.svg2KB

🖼settings-input-blue.svg1KB

🖼settings-input.svg1KB

🖼settings.svg2KB

🖼turnoff-blue.svg335B

🖼turnoff.svg335B

▾📁graphics733KB

▾📁gdocs13KB

🖼onboarding.svg6KB

🖼toolbar_icon_onboarding.svg7KB

▾📁gslides10KB

🖼onboarding.svg10KB

▾📁onboarding315KB

▾📁most-used-apps284KB

🖼add-ins.svg32KB

🖼discord.svg2KB

🖼facebook.svg830B

🖼gdocs.png6KB

🖼gdocs.svg84KB

🖼github.svg3KB

🖼gmail.png5KB

🖼gmail.svg64KB

🖼gslides.png14KB

🖼gslides.svg9KB

🖼msword.svg36KB

🖼reddit.svg4KB

🖼telegram.svg993B

🖼twitter.svg1KB

🖼whatsapp.svg3KB

🖼word-add-in.png16KB

🖼word.svg3KB

🖼youtube.svg1KB

🖼pin-extension.svg1KB

🖼step-2.svg11KB

🖼step-3.svg8KB

🖼step-5.svg10KB

▾📁zendesk378KB

🖼onboarding.svg378KB

🖼full-page-translation.svg3KB

🖼inline-translation.svg5KB

🖼input-translation.svg5KB

🖼popup-bg-small.svg1KB

🖼popup-bg.svg918B

🖼settings-full-page-translation.svg2KB

▾📁icons28KB

▾📁glossary2KB

🖼open-glossary.svg2KB

🖼search.svg320B

▾📁platformBehaviours1KB

▾📁gdocs1KB

🖼alternatives.svg834B

🖼segmentation-sentence.svg331B

🖼segmentation-word.svg343B

▾📁settings4KB

🖼customization-settings.svg365B

🖼general-settings.svg1KB

🖼glossary-settings.svg2KB

🖼linkout.svg456B

▾📁translators13KB

▾📁inline2KB

🖼deepl-write.svg381B

🖼on-off.svg1KB

▾📁input11KB

🖼improve-writing-disabled.svg881B

🖼improve-writing.svg881B

🖼lang-settings-disabled.svg480B

🖼lang-settings.svg480B

🖼on-off-blue.svg1KB

🖼on-off-v2.svg603B

🖼on-off.svg1KB

🖼settings-blue.svg2KB

🖼settings.svg2KB

🖼translate-icon.svg2KB

🖼back_arrow.svg316B

🖼pencil_icon.svg544B

🖼shield-tooltip.svg1000B

🖼shield-white.svg993B

🖼shield.svg996B

🖼translate.svg485B

🖼warning.svg332B

🖼write-icon-blue.svg881B

🖼write-icon.svg881B

🖼write-pencil.svg598B

🖼x-mark-big.svg219B

▾📁interactive-onboarding8KB

🖼improve-icon.svg2KB

🖼multilingual-icon.svg3KB

🖼translate-icon.svg3KB

🖼Cog8ToothMedium.svg7KB

🖼Cog8ToothSmall.svg7KB

🖼arrow-down-black.svg190B

🖼arrow-down-blue.svg210B

🖼arrow-down-new.svg234B

🖼arrow-down-variant.svg236B

🖼arrow-down-variant2-blue.svg240B

🖼arrow-down-variant2-grey.svg241B

🖼arrow-down-variant2.svg241B

🖼arrow-down.svg190B

🖼arrow-narrow-right.svg229B

🖼arrow-right-long.svg246B

🖼arrow-right-variant.svg228B

🖼arrow-right.svg190B

🖼arrow-up-black.svg192B

🖼arrow-up.svg192B

🖼bg_yellow.svg318B

🖼book-blue.svg539B

🖼book-grey.svg540B

🖼book.svg541B

🖼bottom-position-icon.svg246B

🖼checkmark-white-slim.svg212B

🖼checkmark-white.svg219B

🖼checkmark.svg210B

🖼circle.svg3KB

🖼cog-white.svg1KB

🖼deepl-logo-no-text-disabled.svg2KB

🖼deepl-logo-no-text.svg2KB

🖼deepl-logo-settings.svg5KB

🖼deepl-logo-white-v2.svg5KB

🖼deepl-logo-white.svg2KB

🖼deepl-logo.svg5KB

🖼deepl_128.png2KB

🖼deepl_16.png453B

🖼deepl_32.png746B

🖼deepl_48.png1KB

🖼dots-vertical.svg905B

🖼drag.svg1KB

🖼emoji-happy.svg397B

🖼emoji-sad.svg397B

🖼feedback-link.svg362B

🖼gmail-char-limit-reached.svg1KB

🖼gmail-onboarding-design.svg185KB

🖼gmail-pro-info.svg807B

🖼info-blue.svg337B

🖼info-red.svg337B

🖼info.svg337B

🖼input-selection-trigger.svg738B

🖼left-position-icon.svg310B

🖼rigth-position-icon.svg277B

🖼toggle-on.svg430B

🖼top-position-icon.svg246B

🖼translate-icon.svg349B

🖼translate-languages-icon-disabled.svg300B

🖼translate-languages-icon.svg2KB

🖼userpic.svg899B

🖼write-icon-disabled.svg965B

🖼write-icon.svg2KB

🖼zendesk-settings-bg-lang-not-supported.svg6KB

🖼zendesk-settings-bg.svg7KB

▾📁tesseract61.5MB

▾📁lang-data44.7MB

📄ar.traineddata707KB

📄bg.traineddata787KB

📄cs.traineddata1.7MB

📄da.traineddata1.2MB

📄de.traineddata832KB

📄el.traineddata686KB

📄en.traineddata1.9MB

📄es.traineddata1.1MB

📄et.traineddata1.9MB

📄fi.traineddata3.6MB

📄fr.traineddata593KB

📄hu.traineddata2.3MB

📄id.traineddata596KB

📄it.traineddata1.2MB

📄ja.traineddata1.5MB

📄ko.traineddata1.1MB

📄lt.traineddata1.3MB

📄lv.traineddata1.2MB

📄nb.traineddata1.9MB

📄nl.traineddata2.9MB

📄pl.traineddata1.9MB

📄pt.traineddata981KB

📄ro.traineddata1MB

📄ru.traineddata1.5MB

📄sk.traineddata1.8MB

📄sl.traineddata1.2MB

📄sv.traineddata2.4MB

📄tr.traineddata1.9MB

📄uk.traineddata1.5MB

📄zh-Hans.traineddata1.7MB

📜tesseract-core-lstm.wasm.js3.8MBlarge

📜tesseract-core-simd-lstm.wasm.js3.8MBlarge

📜tesseract-core-simd.wasm.js4.5MBlarge

📜tesseract-core.wasm.js4.5MBlarge

📜tesseract.min.js62KBlarge

📜worker.min.js117KBlarge

🌐aknowledgements.html58KB

📜background.js1.2MBlarge

🌐create-account.html413B

🖼favicon.png13KB

🌐firefox-first-run.html432B

🎨global.css331B

🌐index.html408B

{}manifest.json3KB

🌐onboarding-firefox.html418B

🌐onboarding.html417B

🌐privacy-policy.html5KB

🌐publisher.html2KB

{}rules.json436B

{}schema.json1KB

🌐settings.html423B

🌐side-panel.html512B

What This Extension Does

The Deepl Translate And Write extension provides translation services for users, allowing them to translate text while browsing or writing. It's suitable for individuals who need to communicate globally and work efficiently across languages.

Permissions Explained

activeTabexpected: This permission allows the extension to access the current webpage you're viewing.
Technical: The activeTab permission grants access to the currently active tab's content, which can include sensitive information such as login credentials or personal data. This could potentially expose users to unauthorized access if compromised.
storageexpected: This permission allows the extension to store and retrieve data locally on your device.
Technical: The storage permission grants access to local storage, which can include sensitive information such as login credentials or personal data. This could potentially expose users to unauthorized access if compromised.
contextMenusexpected: This permission allows the extension to create custom context menus for your browser.
Technical: The contextMenus permission grants access to creating custom context menus, which can potentially be used for phishing or other malicious activities if compromised.
tabsexpected: This permission allows the extension to access and manipulate your browser tabs.
Technical: The tabs permission grants access to tab management, which can include sensitive information such as open URLs or browsing history. This could potentially expose users to unauthorized access if compromised.
scriptingexpected: This permission allows the extension to execute scripts on your behalf.
Technical: The scripting permission grants access to executing scripts, which can potentially be used for malicious activities such as code injection or data exfiltration if compromised.
declarativeNetRequestexpected: This permission allows the extension to intercept and modify network requests.
Technical: The declarativeNetRequest permission grants access to modifying network requests, which can potentially be used for malicious activities such as data exfiltration or man-in-the-middle attacks if compromised.
identityexpected: This permission allows the extension to access your browser's identity and authentication information.
Technical: The identity permission grants access to authentication information, which can potentially expose users to unauthorized access if compromised.
*://*.deepl.com/*expected: This permission allows the extension to communicate with DeepL's servers.
Technical: The *://*.deepl.com/* permission grants access to communicating with DeepL's servers, which can potentially expose users to unauthorized access if compromised.
https://api-test.deepl.com/v1/*expected: This permission allows the extension to communicate with DeepL's API servers for testing purposes.
Technical: The https://api-test.deepl.com/v1/* permission grants access to communicating with DeepL's API servers, which can potentially expose users to unauthorized access if compromised.
https://api.deepl.com/v1/*expected: This permission allows the extension to communicate with DeepL's API servers for production purposes.
Technical: The https://api.deepl.com/v1/* permission grants access to communicating with DeepL's API servers, which can potentially expose users to unauthorized access if compromised.

Your Data

The extension accesses your browsing data, including the current webpage you're viewing, and sends it to DeepL's servers for translation purposes. It also stores local data on your device.

Technical Details

The extension makes XHR requests to www.deepl.com, w.deepl.com, api.deepl.com, support.deepl.com, www2.deepl.com, write-pro.www.deepl.com, write-free.www.deepl.com, deepl.qualtrics.com, addons.mozilla.org, s.deepl.com, and ecosystem-link.www.deepl.com. It also stores data locally on your device using the storage permission.

Code Findings

innerHTML assignment — potential XSS vectorMedium

This finding indicates that the extension uses innerHTML assignment, which can potentially be used for cross-site scripting (XSS) attacks if compromised.

Technical: The extension uses innerHTML assignment in its content script to inject HTML elements. This could potentially allow an attacker to inject malicious code if they gain access to the extension's codebase.

💡 This pattern is commonly used in legitimate extensions for injecting HTML elements into web pages.

String.fromCharCode (obfuscation)Medium

This finding indicates that the extension uses String.fromCharCode, which can potentially be used for code obfuscation.

Technical: The extension uses String.fromCharCode to encode strings in its JavaScript files. This could potentially make it harder for security researchers to analyze the extension's behavior.

💡 This pattern is commonly used in legitimate extensions for encoding sensitive data.

Makes XHR requestsInfo

This finding indicates that the extension makes XHR requests to DeepL's servers for translation purposes.

Technical: The extension makes XHR requests to various domains, including www.deepl.com and api.deepl.com. This is a normal behavior for an extension that provides online services.

💡 This pattern is commonly used in legitimate extensions for communicating with remote servers.

Captures keystrokesCritical

This finding indicates that the extension captures keystrokes, which can potentially be used for malicious activities such as keylogging or password capture.

Technical: The extension uses the tts permission to capture keystrokes. This could potentially allow an attacker to capture sensitive information such as login credentials or personal data if they gain access to the extension's codebase.

💡 This pattern is not commonly used in legitimate extensions for capturing keystrokes.

Runs on ALL websitesHigh

This finding indicates that the extension runs on all websites, which can potentially expose users to unauthorized access if compromised.

Technical: The extension uses the declarativeNetRequest permission to run on all websites. This could potentially allow an attacker to inject malicious code or exfiltrate sensitive data if they gain access to the extension's codebase.

💡 This pattern is commonly used in legitimate extensions for intercepting and modifying network requests.

Broad host permissionsCritical

This finding indicates that the extension has broad host permissions, which can potentially expose users to unauthorized access if compromised.

Technical: The extension uses the *://*.deepl.com/* permission to communicate with DeepL's servers. This could potentially allow an attacker to inject malicious code or exfiltrate sensitive data if they gain access to the extension's codebase.

💡 This pattern is commonly used in legitimate extensions for communicating with remote servers.

Creates iframe elementsMedium

This finding indicates that the extension creates iframe elements, which can potentially be used for malicious activities such as phishing or code injection.

Technical: The extension uses the content script to create iframe elements. This could potentially allow an attacker to inject malicious code if they gain access to the extension's codebase.

💡 This pattern is commonly used in legitimate extensions for injecting HTML elements into web pages.

Sets up event listenersInfo

This finding indicates that the extension sets up event listeners, which can potentially be used for malicious activities such as code injection or data exfiltration.

Technical: The extension uses the content script to set up event listeners. This could potentially allow an attacker to inject malicious code if they gain access to the extension's codebase.

💡 This pattern is commonly used in legitimate extensions for responding to user interactions.

Bottom Line

The Deepl Translate And Write extension provides translation services for users, but it also has some concerning findings. The extension captures keystrokes and runs on all websites, which can potentially expose users to unauthorized access if compromised. Additionally, the extension creates iframe elements and sets up event listeners, which could potentially be used for malicious activities such as code injection or data exfiltration. Users should exercise caution when installing this extension and regularly review its behavior to ensure it aligns with their expectations.