
Are PDF Files Safe? What to Watch For

PDFs are generally safe, but they can contain JavaScript, links, and embedded files — check before you trust.

Safety overview

PDFs are one of the most common file formats in the world, and most are perfectly safe. But the PDF specification is vast — it supports JavaScript, embedded files, form submission, and external links. That flexibility creates attack surface.

The main risks with PDFs are embedded JavaScript that exploits viewer vulnerabilities, phishing links disguised as legitimate URLs, and embedded files (a PDF can contain an executable as an attachment). Modern PDF readers like Chrome's built-in viewer and Adobe Reader run in sandboxed environments that mitigate most of these risks, but older or less common viewers may not.

To stay safe: open PDFs from trusted sources in a modern viewer. Chrome's built-in PDF viewer is one of the safest options because it disables JavaScript and runs in a strict sandbox. If a PDF asks you to "enable features" or "click to allow," that's a red flag — legitimate PDFs don't need special permissions.

For PDFs from unknown sources, inspect before opening. Check the file size (a 50 MB "invoice" is suspicious), verify the sender, and consider opening in a sandboxed environment. Google Drive's preview renders PDFs server-side, which isolates any malicious content from your device.
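One way to inspect a file without opening it in a viewer, as an added example that is not part of the original page: the script below counts the PDF dictionary keys that correspond to the features named above (JavaScript, embedded files, links, automatic actions) in the raw bytes. The category labels, function names and sample bytes are this example's own, and the sample is constructed.

```python
import re
import sys

# Standard PDF name keys for the features discussed above. The grouping and
# labels are assumptions of this example, not an official classification.
KEYS = {
    "JavaScript": ("JS", "JavaScript"),
    "auto-run action": ("OpenAction", "AA"),
    "embedded file": ("EmbeddedFile",),
    "launch action": ("Launch",),
    "link or form submission": ("URI", "SubmitForm"),
    "compressed object stream": ("ObjStm",),
}

# A PDF name is "/" followed by characters that are not whitespace or delimiters.
NAME = re.compile(rb"/([^\x00\t\n\f\r ()<>\[\]{}/%]+)")
HEX = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #XX escapes, so /J#61vaScript is counted as /JavaScript."""
    return HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def scan_pdf(data: bytes) -> dict:
    """Count occurrences of feature-bearing names in the raw bytes of a PDF."""
    counts = {label: 0 for label in KEYS}
    for m in NAME.finditer(data):
        name = decode_name(m.group(1))
        for label, keys in KEYS.items():
            if name in keys:
                counts[label] += 1
    return counts


# Constructed sample: an open action, a hex-escaped JavaScript key, and a link.
SAMPLE = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
    b"2 0 obj << /S /J#61vaScript /JS (constructed placeholder) >> endobj\n"
    b"3 0 obj << /S /URI /URI (https://example.com/) >> endobj\n"
)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for label, n in scan_pdf(data).items():
        print(f"{label:26} {n}")
```

Counts are name occurrences, not objects, so a single link typically counts twice. Names stored inside compressed object streams are not visible to a raw byte scan, so a nonzero "compressed object stream" count means zeros elsewhere are inconclusive.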

The format itself is not the risk — it's what's embedded inside. A PDF containing only text and images (which describes the vast majority of PDFs) is as safe as a JPG.

FAQ
Can a PDF contain a virus?
A PDF cannot contain a traditional virus, but it can contain JavaScript that exploits vulnerabilities in PDF readers. Modern readers (Chrome, Adobe Reader) sandbox this code, making exploitation very difficult.

Is it safe to open a PDF in Chrome?
Yes. Chrome's built-in PDF viewer is one of the safest ways to open PDFs. It disables JavaScript execution and runs in a sandboxed process, isolating any potentially malicious content.

How can I tell if a PDF is malicious?
Red flags include: unexpected file sizes, requests to "enable" features or scripts, PDFs from unknown senders, and files that trigger security warnings in your PDF reader. When in doubt, open in Chrome or Google Drive's preview.