Is Video converter online VideoConvertPlus safe?

This security report analyses whether Video converter online VideoConvertPlus is safe to install on your browser. We check Video converter online VideoConvertPlus for malicious behaviour, data exfiltration, suspicious permissions, and known vulnerabilities so you can decide if Video converter online VideoConvertPlus is safe for your personal or enterprise fleet.

Critical risk

Video converter extension that generates persistent user IDs and transmits them to remote servers, with periodic server checks that can trigger undisclosed tab creation.

v1.6.5Chrome Web Store
45Risk

AI-generated. Findings may contain errors. Those marked Verified have been manually reviewed.

Publishers can request a review.

Findings

mediumAI Found

Extension generates a persistent random user ID and transmits it to redcoolmedia.net on every polling cycle

web.js:125-157 (checkregruser) reads or creates a 10-char alphanumeric ID from chrome.storage.local under key 'redcool_key'. It is appended as ?u= to fetch('https://stream.redcoolmedia.net/api/videoconverteru.php?hex=1&u='+un) at web.js:162. The function is invoked every ~6 tab activation/update events by xdii() (web.js:6-16), which listens to chrome.tabs.onActivated and chrome.tabs.onUpdated (web.js:29-36). ID persists across browser restarts via chrome.storage.local.

CWE-359high confidence
mediumAI Found

Server response containing '302' causes background script to silently open a new browser tab

checkregruser() at web.js:162-173 fetches stream.redcoolmedia.net. If HTTP 200 and response body contains the string '302', chrome.tabs.create is called with url='https://www.redcoolmedia.net/api/app-videoconverter.php?u='+un (web.js:169-170). The remote server thus has full control over whether a new tab is injected into the user's browser and can switch this on at any time by changing the response body.

CWE-829high confidence
lowAI Found

Extension popup loads an iframe with the persistent user tracking ID embedded in the URL

apar.js:44-60 runs automatically when the extension popup is opened. It creates an iframe and sets iframe.src to 'https://www.redcoolmedia.net/appdirect/viewapp.php?urlpathx=prevideoconvert_ext.php&username='+usernameredcool (apar.js:49). The user ID is retrieved from chrome.storage.local (apar.js:8-20) and transmitted on every popup open.

CWE-359high confidence

+1 more finding not shown

Sign up to see all findings
Updated 15 April 2026fcklncmjdocmnkijcbknajajdleaobcf