Is 金山收藏助手 safe?

High risk

Legitimate web clipper extension from Kingsoft/WPS with two high-severity postMessage vulnerabilities that allow malicious websites to establish unauthorized MessageChannel communication with the extension. Uses broad permissions (*://*/*) and cookies access, but data flows are limited to first-party Kingsoft domains. No evidence of malicious data exfiltration or third-party tracking. Recommended for users who trust the WPS ecosystem, pending vulnerability fixes.

金山收藏助手v2.0.7Chrome Web Store
75Risk

AI-generated. Findings may contain errors. Those marked Verified have been manually reviewed.

Publishers can request a review.

Findings

Updated 18 May 2026lanhpcaapacdmofkjpkahckmlkljcdhh