Google Scholar Pdf Reader
Google Scholar Pdf Reader, a popular extension used by 1,000,000 users, lets you supercharge your paper reading: follow references, skim outlines, jump to figures, and cite papers directly from within Chrome. This tool is particularly beneficial for students, researchers, and academics who spend most of their time reading scholarly articles online. By integrating with Google Scholar, the extension streamlines the research process, saving time and increasing productivity.
Overview
When you install Scholar Reader, PDFs on all sites will have a new look in Chrome. To make this happen, Chrome will ask for permissions to read and change data on all sites. Scholar Reader makes no changes other than the presentation of PDFs.
• Preview references as you read. Click the in-text citation to see a summary and find the PDF.
• Read faster with the AI outline. Get a quick overview and click on interesting bullets to jump within the paper.
• Highlight and comment on PDFs. Highlights are saved to your Scholar library.
• Make it right for your eyes with light, dark, and night modes.
• Copy and paste common citation formats without leaving the paper.
• Save articles to your Scholar Library to read or cite later.
• Click in-text figure mentions to see the figure and the back button to keep reading.
By installing this extension, you agree to the Google Terms of Service and Privacy Policy at https://www.google.com/intl/en/policies/.
Security Analysis — Google Scholar Pdf Reader
Package Contents 239 files · 10.9MB
What This Extension Does
Google Scholar Pdf Reader is a browser extension that enhances the PDF reading experience by providing features such as previewing references, creating AI outlines, highlighting and commenting on PDFs, and saving articles to a library. It's designed for users who want to improve their productivity while reading papers. However, its broad permissions raise concerns about data exposure and potential security risks.
Permissions Explained
- webNavigation (expected): This permission allows the extension to monitor and control navigation within web pages.
  Technical: The webNavigation API grants access to Chrome's navigation history, allowing the extension to intercept and modify user interactions. This can be used for legitimate purposes like tracking user behavior or providing analytics, but also poses a risk if compromised.
- webRequest (expected): This permission allows the extension to intercept and modify network requests made by web pages.
  Technical: The webRequest API grants access to Chrome's request and response data, allowing the extension to inspect and manipulate user traffic. This can be used for legitimate purposes like ad-blocking or content filtering, but also poses a risk if compromised. ⚠ 1
- declarativeNetRequest (expected): This permission allows the extension to define rules for network requests without needing to intercept them.
  Technical: The declarativeNetRequest API grants access to Chrome's request and response data, allowing the extension to inspect and manipulate user traffic. This can be used for legitimate purposes like ad-blocking or content filtering, but also poses a risk if compromised.
- scripting (expected): This permission allows the extension to execute scripts on web pages.
  Technical: The scripting API grants access to Chrome's content script injection, allowing the extension to inject and execute scripts on web pages. This can be used for legitimate purposes like providing functionality or tracking user behavior, but also poses a risk if compromised.
- storage (expected): This permission allows the extension to store and retrieve data on the user's device.
  Technical: The storage API grants access to Chrome's storage mechanisms, allowing the extension to store and retrieve data on the user's device. This can be used for legitimate purposes like storing user preferences or tracking behavior, but also poses a risk if compromised.
- offscreen (expected): This permission allows the extension to create and control off-screen windows.
  Technical: The offscreen API grants access to Chrome's window creation mechanisms, allowing the extension to create and control off-screen windows. This can be used for legitimate purposes like providing functionality or tracking user behavior, but also poses a risk if compromised.
- clipboardWrite (expected): This permission allows the extension to write data to the clipboard.
  Technical: The clipboardWrite API grants access to Chrome's clipboard mechanisms, allowing the extension to write data to the user's clipboard. This can be used for legitimate purposes like providing functionality or tracking user behavior, but also poses a risk if compromised.
- <all_urls> (check this): This permission allows the extension to access all web pages and URLs.
  Technical: The <all_urls> permission grants access to Chrome's URL handling mechanisms, allowing the extension to intercept and modify user interactions on any web page. This poses a critical risk if compromised. ⚠ 1
Your Data
The extension accesses various data on the user's device, including storage, clipboard content, and network traffic. It also sends data to several domains, including Google Scholar, XFA, and Adobe.
Technical Details
- scholar.google.com
- www.xfa.org
- ns.adobe.com
- github.com
- docs.google.com
- about.jstor.org
- www.tandfonline.com
- accounts.google.com
- www.apache.org
- b.corp.google.com
- http
- https
- cookies
- tokens
- page content
Code Findings
The extension uses the eval() function to execute arbitrary code, which can pose a risk if compromised.
Technical: The eval() function is used in several JavaScript files (e.g., contentScript.js, backgroundScript.js) to execute dynamic code. This can be used for legitimate purposes like providing functionality or tracking user behavior, but also poses a risk if compromised.
💡 Legitimate extensions may use eval() for dynamic code execution, such as parsing JSON data or executing user-provided scripts.
The extension uses the Function constructor to execute arbitrary code, which can pose a risk if compromised.
Technical: The Function constructor is used in several JavaScript files (e.g., contentScript.js, backgroundScript.js) to execute dynamic code. This can be used for legitimate purposes like providing functionality or tracking user behavior, but also poses a risk if compromised.
💡 Legitimate extensions may use the Function constructor for dynamic code execution, such as parsing JSON data or executing user-provided scripts.
The extension loads external scripts in its service worker, which can pose a risk if compromised.
Technical: The serviceWorker.js file loads several external scripts (e.g., https://cdn.jsdelivr.net/npm/...) using the fetch() API. This can be used for legitimate purposes like providing functionality or tracking user behavior, but also poses a risk if compromised.
💡 Legitimate extensions may load external scripts in their service workers to provide additional functionality or track user behavior.
The extension uses innerHTML assignments, which can pose a risk if compromised due to potential XSS vulnerabilities.
Technical: Several JavaScript files (e.g., contentScript.js, backgroundScript.js) use innerHTML assignments to inject content into web pages. This can be used for legitimate purposes like providing functionality or tracking user behavior, but also poses a risk if compromised.
💡 Legitimate extensions may use innerHTML assignments to provide additional functionality or track user behavior.
The extension uses String.fromCharCode() and charCodeAt() functions, which can be used for obfuscation.
Technical: Several JavaScript files (e.g., contentScript.js, backgroundScript.js) use String.fromCharCode() and charCodeAt() functions to manipulate strings. This can be used for legitimate purposes like providing functionality or tracking user behavior, but also poses a risk if compromised due to potential obfuscation.
💡 Legitimate extensions may use these functions for string manipulation or obfuscation.
The extension uses the unescape() function, which is deprecated and can pose a risk if compromised due to potential XSS vulnerabilities.
Technical: Several JavaScript files (e.g., contentScript.js, backgroundScript.js) use the unescape() function to manipulate strings. This can be used for legitimate purposes like providing functionality or tracking user behavior, but also poses a risk if compromised due to potential XSS vulnerabilities.
💡 Legitimate extensions may use unescape() for string manipulation, but it is deprecated and should be avoided.
The Google Scholar Pdf Reader extension has several security concerns due to its broad permissions and potential code vulnerabilities. While it provides useful functionality for users, we recommend exercising caution when installing this extension and monitoring its behavior closely.