πŸ“¦

Read Aloud: A Text to Speech Voice Reader

πŸ” Security Report Available
πŸ‘₯ 6M+ users
πŸ“¦ v2.22.0
πŸ’Ύ 439KiB
πŸ“… 2025-12-12
View on Chrome Web Store

Chrome will indicate if you already have this installed.

Overview

Read aloud the current web-page article with one click, using text to speech (TTS). Supports 40+ languages.

Tags

Make Chrome Yours/accessibility make chrome yours/accessibility

Privacy Practices

βœ… Does not sell your data to third parties
βœ… Does not use data for unrelated purposes

Security Analysis

Analyzed v2.22.0 Β· Feb 22, 2026 Β· 47 JS files Β· 571 KB scanned

Permissions

activeTab contextMenus identity offscreen scripting storage tts ttsEngine webRequest webNavigation https://translate.google.com/

Code Patterns Detected

Function constructor used β€” dynamic code execution innerHTML assignment β€” potential XSS vector Makes HTTP requests

External Connections

github.com docs.google.com assets.lsdsoftware.com texttospeech.googleapis.com cxl-services.appspot.com books.googleusercontent.com ereader-web-viewer.chegg.com luoa-content.s3.amazonaws.com ttstool.com opencollective.com support.readaloud.app readaloud.app +8 more

Package Contents 93 files Β· 1MB

β–ΎπŸ“_locales54KB
β–ΎπŸ“en5KB
{}messages.json5KB
β–ΎπŸ“es5KB
{}messages.json5KB
β–ΎπŸ“it5KB
{}messages.json5KB
β–ΎπŸ“ja5KB
{}messages.json5KB
β–ΎπŸ“ru7KB
{}messages.json7KB
β–ΎπŸ“tg8KB
{}messages.json8KB
β–ΎπŸ“tr5KB
{}messages.json5KB
β–ΎπŸ“vi5KB
{}messages.json5KB
β–ΎπŸ“zh_CN5KB
{}messages.json5KB
β–ΎπŸ“zh_TW5KB
{}messages.json5KB
β–ΎπŸ“_metadata12KB
{}verified_contents.json12KB
β–ΎπŸ“css309KB
β–ΎπŸ“images33KB
πŸ–Όui-bg_diagonals-small_40_db4865_40x40.png332B
πŸ–Όui-bg_diagonals-small_50_93c3cd_40x40.png333B
πŸ–Όui-bg_diagonals-small_50_ff3853_40x40.png330B
πŸ–Όui-bg_diagonals-small_75_ccd232_40x40.png333B
πŸ–Όui-bg_dots-medium_80_ffff38_4x4.png225B
πŸ–Όui-bg_dots-small_35_35414f_2x2.png223B
πŸ–Όui-bg_white-lines_85_f7f7ba_40x100.png364B
πŸ–Όui-icons_454545_256x240.png7KB
πŸ–Όui-icons_88a206_256x240.png4KB
πŸ–Όui-icons_c02669_256x240.png4KB
πŸ–Όui-icons_e1e463_256x240.png4KB
πŸ–Όui-icons_ffeb33_256x240.png4KB
πŸ–Όui-icons_ffffff_256x240.png6KB
🎨bootstrap.min.css141KB
🎨common.css987B
πŸ”€material-icons.woff2125KB
🎨options.css6KB
🎨popup.css3KB
β–ΎπŸ“img54KB
πŸ–Όicon-16.png541B
πŸ–Όicon-48.png1KB
πŸ–Όicon.png13KB
πŸ–Όloading.gif40KB
β–ΎπŸ“js571KB
β–ΎπŸ“content67KB
πŸ“œacrobatiq.js100B
πŸ“œarchiveofourown.js406B
πŸ“œchatgpt.js1011B
πŸ“œchegg-book.js2KB
πŸ“œgoogle-doc.js15KB
πŸ“œgoogle-drive-doc.js885B
πŸ“œgoogle-drive-preview.js908B
πŸ“œgoogle-play-book.js2KB
πŸ“œgoogle-slides.js2KB
πŸ“œgoogleDocsUtil.js16KB
πŸ“œhtml-doc.js7KB
πŸ“œixl.js689B
πŸ“œkhan-academy.js644B
πŸ“œkindle-book.js5KB
πŸ“œlibbyapp.js2KB
πŸ“œonedrive-doc.js2KB
πŸ“œpdf-doc.js4KB
πŸ“œpearson.js1KB
πŸ“œvitalsource-book.js329B
πŸ“œwebnovel.js1KB
πŸ“œwwnorton.js1KB
πŸ“œyd-app-web.js2KB
β–ΎπŸ“page
πŸ“œgoogle-doc.js74B
πŸ“œadvanced-options.js324B
πŸ“œaws-sdk.js12KB
πŸ“œconnect-phone.js1KB
πŸ“œcontent-handlers.js8KB
πŸ“œcontent.js8KB
πŸ“œcustom-voices.js8KB
πŸ“œdefaults.js36KB
πŸ“œdocument.js12KB
πŸ“œevents.js13KB
πŸ“œgoogle-translate.js4KB
πŸ“œjquery-3.7.1.min.js85KBlarge
πŸ“œlanguages.js11KB
πŸ“œmessaging.js6KB
πŸ“œoffscreen.js1KB
πŸ“œoptions.js16KB
πŸ“œpdf-viewer.js2KB
πŸ“œpeerjs.min.js92KBlarge
πŸ“œplayer.js15KB
πŸ“œpopup.js12KB
πŸ“œreport.js1015B
πŸ“œrxjs.umd.min.js86KBlarge
πŸ“œspeech.js14KB
πŸ“œtts-engines.js63KBlarge
β–ΎπŸ“sound10KB
πŸ“„silence.mp310KB
🌐advanced-options.html928B
πŸ“œbackground.js186B
🌐connect-phone.html2KB
🌐custom-voices.html8KB
🌐languages.html1KB
{}manifest.json2KB
🌐offscreen.html300B
🌐options.html4KB
🌐pdf-viewer.html571B
🌐player.html3KB
🌐popup.html2KB
🌐report.html2KB
🌐shortcuts.html960B

What This Extension Does

The Read Aloud: A Text to Speech Voice Reader extension allows users to read aloud web-page articles with one click, supporting over 40 languages. It appears to be an accessibility-focused extension that enables text-to-speech functionality.

Permissions Explained

  • activeTab: Allows the extension to access and interact with the currently active tab in the browser.
+ Standard for this type of extension.
  • contextMenus: Enables the extension to create custom context menus within the browser.
+ Unusual, but not necessarily a security concern; more likely related to the extension's UI features.
  • identity: Grants access to user identity information, such as login credentials and profile data.
+ Unusual for an accessibility-focused extension like this. It may be used for features that aren't explicitly mentioned in the description (e.g., personalized settings or integration with other services).
  • offscreen: Allows the extension to run scripts on pages that are not currently visible in the browser.
+ Standard for extensions that need to perform background tasks, but could potentially be misused if not properly sandboxed.
  • scripting: Enables the extension to execute scripts within web pages.
+ Standard for this type of extension; necessary for text-to-speech functionality and other interactive features.
  • storage: Grants access to browser storage mechanisms (e.g., local storage, session storage).
+ Standard for extensions that need to store user data or settings.
  • tts and ttsEngine: Permissions related to text-to-speech functionality, which is the primary purpose of this extension.
+ Expected and necessary for its intended use case.
  • webRequest: Allows the extension to intercept and modify web requests made by the browser.
+ HIGH-risk permission; unusual for an accessibility-focused extension like this. It may be used for features that aren't explicitly mentioned in the description (e.g., ad blocking, content filtering).
  • https://translate.google.com/: A specific permission granted to a Google Translate domain.

What We Found in the Code

  • [high] Function constructor used β€” dynamic code execution: This flag is likely related to the extension's use of text-to-speech functionality or other interactive features. It may be using eval() or similar constructs for dynamic code execution, which can pose security risks if not properly sanitized.
  • [medium] innerHTML assignment β€” potential XSS vector: This flag is likely a normal coding pattern used for UI rendering within the extension's interface. However, it's worth noting that innerHTML assignments can potentially lead to cross-site scripting (XSS) vulnerabilities if untrusted data is being inserted into the DOM.
  • [info] Makes HTTP requests: This is a standard behavior for extensions that need to communicate with external services or APIs.

External Connections

The extension communicates with several domains, including:
  • GitHub (github.com)
  • Google Translate and Text-to-Speech APIs (translate.google.com, texttospeech.googleapis.com)
  • Other Google-related domains (docs.google.com, books.googleusercontent.com)
  • Custom domains related to the extension's functionality (support.readaloud.app, readaloud.app)
These connections appear expected for an accessibility-focused extension that provides text-to-speech functionality and integrates with external services.

Things to Consider

Based on this analysis, users may want to consider the following:
  • The extension's use of the webRequest permission is unusual for its intended purpose. While it may be necessary for certain features, it could also indicate broader access to user data or browsing behavior.
  • The extension's reliance on dynamic code execution and innerHTML assignments may pose security risks if not properly sanitized.
  • Users should carefully review the extension's permissions and functionality to ensure they align with their expectations.
Ultimately, users must weigh these findings against their individual needs and preferences when deciding whether to install and use this extension.
πŸ“¦
Boost reading and writing confidence across all types of content and devices, in class, at work, and at home.
Make Chrome Yours/accessibility
360 Internet Protection
Make Chrome Yours/accessibility
πŸ“¦
Screenshot reading support for Read&Write for Google Chromeβ„’
Make Chrome Yours/accessibility
πŸ“¦

Orbitnote

6M+ users
Create, convert, connect: take your digital documents to the next level with OrbitNote.
Make Chrome Yours/accessibility