Read Aloud: A Text to Speech Voice Reader
π Security Report Available View on Chrome Web StoreChrome will indicate if you already have this installed.
Overview
Read aloud the current web-page article with one click, using text to speech (TTS). Supports 40+ languages.
Tags
Privacy Practices
β
Does not sell your data to third parties
β
Does not use data for unrelated purposes
Security Analysis
Permissions
Code Patterns Detected
External Connections
Package Contents 93 files Β· 1MB
βΎ_locales54KB
βΎen5KB
messages.json5KB
βΎes5KB
messages.json5KB
βΎit5KB
messages.json5KB
βΎja5KB
messages.json5KB
βΎru7KB
messages.json7KB
βΎtg8KB
messages.json8KB
βΎtr5KB
messages.json5KB
βΎvi5KB
messages.json5KB
βΎzh_CN5KB
messages.json5KB
βΎzh_TW5KB
messages.json5KB
βΎ_metadata12KB
verified_contents.json12KB
βΎcss309KB
βΎimages33KB
ui-bg_diagonals-small_40_db4865_40x40.png332B
ui-bg_diagonals-small_50_93c3cd_40x40.png333B
ui-bg_diagonals-small_50_ff3853_40x40.png330B
ui-bg_diagonals-small_75_ccd232_40x40.png333B
ui-bg_dots-medium_80_ffff38_4x4.png225B
ui-bg_dots-small_35_35414f_2x2.png223B
ui-bg_white-lines_85_f7f7ba_40x100.png364B
ui-icons_454545_256x240.png7KB
ui-icons_88a206_256x240.png4KB
ui-icons_c02669_256x240.png4KB
ui-icons_e1e463_256x240.png4KB
ui-icons_ffeb33_256x240.png4KB
ui-icons_ffffff_256x240.png6KB
bootstrap.min.css141KB
common.css987B
material-icons.woff2125KB
options.css6KB
popup.css3KB
βΎimg54KB
icon-16.png541B
icon-48.png1KB
icon.png13KB
loading.gif40KB
βΎjs571KB
βΎcontent67KB
acrobatiq.js100B
archiveofourown.js406B
chatgpt.js1011B
chegg-book.js2KB
google-doc.js15KB
google-drive-doc.js885B
google-drive-preview.js908B
google-play-book.js2KB
google-slides.js2KB
googleDocsUtil.js16KB
html-doc.js7KB
ixl.js689B
khan-academy.js644B
kindle-book.js5KB
libbyapp.js2KB
onedrive-doc.js2KB
pdf-doc.js4KB
pearson.js1KB
vitalsource-book.js329B
webnovel.js1KB
wwnorton.js1KB
yd-app-web.js2KB
βΎpage
google-doc.js74B
advanced-options.js324B
aws-sdk.js12KB
connect-phone.js1KB
content-handlers.js8KB
content.js8KB
custom-voices.js8KB
defaults.js36KB
document.js12KB
events.js13KB
google-translate.js4KB
jquery-3.7.1.min.js85KBlarge
languages.js11KB
messaging.js6KB
offscreen.js1KB
options.js16KB
pdf-viewer.js2KB
peerjs.min.js92KBlarge
player.js15KB
popup.js12KB
report.js1015B
rxjs.umd.min.js86KBlarge
speech.js14KB
tts-engines.js63KBlarge
βΎsound10KB
silence.mp310KB
advanced-options.html928B
background.js186B
connect-phone.html2KB
custom-voices.html8KB
languages.html1KB
manifest.json2KB
offscreen.html300B
options.html4KB
pdf-viewer.html571B
player.html3KB
popup.html2KB
report.html2KB
shortcuts.html960B
What This Extension Does
The Read Aloud: A Text to Speech Voice Reader extension allows users to read aloud web-page articles with one click, supporting over 40 languages. It appears to be an accessibility-focused extension that enables text-to-speech functionality.Permissions Explained
- activeTab: Allows the extension to access and interact with the currently active tab in the browser.
- contextMenus: Enables the extension to create custom context menus within the browser.
- identity: Grants access to user identity information, such as login credentials and profile data.
- offscreen: Allows the extension to run scripts on pages that are not currently visible in the browser.
- scripting: Enables the extension to execute scripts within web pages.
- storage: Grants access to browser storage mechanisms (e.g., local storage, session storage).
- tts and ttsEngine: Permissions related to text-to-speech functionality, which is the primary purpose of this extension.
- webRequest: Allows the extension to intercept and modify web requests made by the browser.
- https://translate.google.com/: A specific permission granted to a Google Translate domain.
What We Found in the Code
- [high] Function constructor used β dynamic code execution: This flag is likely related to the extension's use of text-to-speech functionality or other interactive features. It may be using eval() or similar constructs for dynamic code execution, which can pose security risks if not properly sanitized.
- [medium] innerHTML assignment β potential XSS vector: This flag is likely a normal coding pattern used for UI rendering within the extension's interface. However, it's worth noting that innerHTML assignments can potentially lead to cross-site scripting (XSS) vulnerabilities if untrusted data is being inserted into the DOM.
- [info] Makes HTTP requests: This is a standard behavior for extensions that need to communicate with external services or APIs.
External Connections
The extension communicates with several domains, including:- GitHub (github.com)
- Google Translate and Text-to-Speech APIs (translate.google.com, texttospeech.googleapis.com)
- Other Google-related domains (docs.google.com, books.googleusercontent.com)
- Custom domains related to the extension's functionality (support.readaloud.app, readaloud.app)
Things to Consider
Based on this analysis, users may want to consider the following:- The extension's use of the webRequest permission is unusual for its intended purpose. While it may be necessary for certain features, it could also indicate broader access to user data or browsing behavior.
- The extension's reliance on dynamic code execution and innerHTML assignments may pose security risks if not properly sanitized.
- Users should carefully review the extension's permissions and functionality to ensure they align with their expectations.
Similar Extensions
More in Make Chrome Yours/accessibility βBoost reading and writing confidence across all types of content and devices, in class, at work, and at home.
360 Internet Protection
Screenshot reading support for Read&Write for Google Chromeβ’
Create, convert, connect: take your digital documents to the next level with OrbitNote.