Vidyard Screen Recorder S

Name: Security Analysis: Vidyard Screen Recorder S
Item: Vidyard Screen Recorder S
Rating: 1
Author: ChromeBoard

✨ AI-Powered 🔍 Security Report Available

👥 300K+ users

📦 v4.2.3

💾 42.58MiB

📅 2026-02-13

View on Chrome Web Store

Chrome will indicate if you already have this installed.

Lets you capture your screen, share your video and track who's watching it, making it a valuable asset for marketers, sales teams and customer support professionals looking to create engaging content and analyze its performance.

Overview

Record your screen or webcam, share your video, and track who's watching it! This screen recorder for Chrome is built to help you sell better. Easily record your webcam, screen, or both in just a few clicks. Share your video with a link and track when your videos get watched.
From prospecting to proposals, Vidyard’s screen recorder makes it easy to connect with more leads, qualify for better opportunities, and close more deals with personalized video.

KEY FEATURES

🖥 Record your screen directly from your browser
✨ Use AI to write personalized scripts at scale
🔗 Easily share your video link through email, social media, and more
💬 Get notified whenever someone views your video
📚 Manage all your Vidyard videos in one place, across devices and teams
🤹‍♀️ Integrate Vidyard videos with the sales tools your team already uses

OVER 12 MILLION PEOPLE CHOOSE VIDYARD

From HubSpot, Microsoft, LinkedIn, Marketo, Salesforce, and more, Vidyard is the video creation tool built to help sales teams sell better.

Screen Recorder

- Record your screen to create HD sales videos
- Record videos wherever you are with Vidyard’s iOS, Android, and desktop apps
- Use AI to write speaker notes and deliver your message with confidence
- Access on-screen drawing tools to highlight important information and drive your message home

Edit Your Videos

Trim your videos to remove unwanted footage
Stitch multiple videos together into one, so you don’t have to master the perfect single take
Choose an animated thumbnail from your footage

Share Your Videos Everywhere

- Share a link to your video via email, social, or however you communicate for free—no downloads or attachments
- Embed videos for inline playback on your website, blog, landing pages, and more
- Easily share videos to Facebook, Twitter, and LinkedIn with just a couple of clicks

Measure Video Success

- Get notified whenever anyone watches your videos
- Track engagement to see who’s watching your videos and for how long
- Integrate Vidyard with your CRM to quantify video pipeline, revenue, and ROI

Vidyard is the Video Platform Built for Sales

From easy video creation to powerful video analytics; from small business to enterprise. Vidyard’s free screen recording platform has all the features your business needs to connect with your audience, drive engagement, and delight your customers, wherever they are.

About Vidyard

Vidyard is the leading video platform for salespeople. More than 250,000 companies use its video messaging and video hosting tools to engage their customers and prospects more effectively.

(Please note, this extension was previously named Vidyard GoVideo.)

Privacy Practices

✓ Not being sold to third parties, outside of the approved use cases

✓ Not being used or transferred for purposes that are unrelated to the item's core functionality

✓ Not being used or transferred to determine creditworthiness or for lending purposes

v4.2.3 Critical Scanned Feb 22, 2026

Security Analysis — Vidyard Screen Recorder S

Analyzed v4.2.3 · Feb 22, 2026 · 21 JS files · 26058 KB scanned

Permissions

Code Patterns Detected

External Connections

www.w3.org api.vidyard.com secure.vidyard.com s3.amazonaws.com avatar.vidyard.com auth.vidyard.com github.com extension-backend.vidyard.com rollbar.com heapanalytics.com goodbye.vidyard.com sso.vidyard.com +8 more

Package Contents 195 files · 79.5MB

▾📁_metadata26KB

{}verified_contents.json26KB

▾📁images30.7MB

▾📁brands216KB

🖼inside_sales_excellence.svg187KB

🖼jb_sales.svg4KB

🖼katherine_caldwell.svg5KB

🖼sales_feed.svg5KB

🖼sales_gravy.svg4KB

🖼salesloft.svg4KB

🖼shari_levitin.svg2KB

🖼todd_caponi.svg2KB

🖼vidyard.svg3KB

▾📁components5KB

📄BannerIcon.jsx2KB

📄TemplatesIcon.jsx4KB

▾📁icons171KB

🖼icon-ai-camera-active.svg899B

🖼icon-ai-camera-inactive.svg899B

🖼icon-ai-screen-camera-active.svg1KB

🖼icon-ai-screen-camera-inactive.svg1KB

🖼icon-animated-sparkles.gif71KB

🖼icon-camera-active.svg785B

🖼icon-camera-gmail.svg420B

🖼icon-camera-off-disabled.svg702B

🖼icon-camera-off.svg836B

🖼icon-camera-on-disabled.svg663B

🖼icon-camera-on.svg664B

🖼icon-camera-only-disabled.svg822B

🖼icon-camera-only-on.svg819B

🖼icon-camera.svg785B

🖼icon-caret-up.svg227B

🖼icon-check.svg296B

🖼icon-circle-white.svg266B

🖼icon-circle.svg270B

🖼icon-close.svg388B

🖼icon-hover-close.svg920B

🖼icon-hover-record-person.svg1KB

🖼icon-hover-record-screen.svg2KB

🖼icon-hover-video.svg881B

🖼icon-hover-vidyard-logo.svg8KB

🖼icon-mic-disabled.svg741B

🖼icon-mic-off.svg929B

🖼icon-mic-on.svg701B

🖼icon-notes.svg2KB

🖼icon-pause.svg321B

🖼icon-play.svg218B

🖼icon-screen-active.svg886B

🖼icon-screen-camera-active.svg1KB

🖼icon-screen-camera.svg1KB

🖼icon-screen-on.svg580B

🖼icon-screen.svg886B

🖼icon-square.svg264B

🖼icon-sticky.svg591B

🖼icon-tab-on.svg579B

🖼icon-upload-128-1.png4KB

🖼icon-upload-128-2.png5KB

🖼icon-upload-128-3.png5KB

🖼icon-upload-48-1.png2KB

🖼icon-upload-48-2.png2KB

🖼icon-upload-48-3.png2KB

🖼icon-upload.svg2KB

🖼icon-vidyard-128.png9KB

🖼icon-vidyard-16.png2KB

🖼icon-vidyard-48.png4KB

🖼icon-vidyard-beta-128.png7KB

🖼icon-vidyard-beta-16.png1KB

🖼icon-vidyard-beta-48.png5KB

🖼icon-vidyard-dev-128.png4KB

🖼icon-vidyard-dev-16.png615B

🖼icon-vidyard-dev-48.png2KB

🖼icon-vidyard-staging-128.png4KB

🖼icon-vidyard-staging-16.png618B

🖼icon-vidyard-staging-48.png2KB

▾📁mocks10.4MB

🖼ai-avatar-mock-01.svg9.7MB

🖼ai-avatar-mock-02.svg265KB

🖼ai-avatar-mock-03.svg270KB

🖼ai-avatar-mock-04.svg267KB

▾📁speakerNotesOnboarding16.5MB

🖼congrats.svg492KB

🖼desktop-1.svg1KB

🖼desktop-2.svg2KB

🖼intro.svg26KB

🖼multiple-monitors-screen-1.svg1.9MB

🖼multiple-monitors-screen-2.svg7MB

📄share-tab.mp42.1MB

📄share-window.mp42MB

📄single-monitor-arrange.mp43MB

▾📁virtualBackgrounds1003KB

🖼cozy-cafe.jpg441KB

🖼office-desk.jpg253KB

🖼office-room.jpg308KB

📄BlurIcon.jsx2KB

🖼Google.svg757B

🖼LinkedIn.svg431B

🖼Outlook.svg333B

🖼VidyardLogoText.svg4KB

🖼ai-avatars-generating-video.svg30KB

🖼arrow-1.svg849B

🖼arrow-2.svg396B

🖼avatar-placeholder.svg12KB

🖼chrome-library-empty-state.svg58KB

🖼connection-established.svg38KB

🖼enable-permissions-vidyard.gif263KB

🖼failed-to-load.svg43KB

🖼favicon.ico15KB

🖼icon-vidyard-48.png4KB

🖼icon-vidyard-beta-48.png5KB

🖼icon-vidyard-dev-48.png2KB

🖼icon-vidyard-staging-48.png2KB

🖼keyboard-hover.svg3KB

🖼keyboard.svg3KB

🖼man-laptop-screen-recording.png14KB

🖼man-waving-video-recording.png71KB

🖼message.svg772B

🖼new-update-hover.svg1KB

🖼new-update.svg1KB

🖼notifications-empty-state.svg13KB

🖼player-thumbnail.svg583B

🖼prompt-example.png34KB

🖼ps_no-time.svg945B

🖼recording-blocked.svg96KB

🖼recording-page-background-bottom-left.svg380KB

🖼recording-page-background-bottom-right.svg5KB

🖼recording-page-background-top-right.svg25KB

🖼screen-share-example.png34KB

🖼squiggly-arrow.svg2KB

🖼thumbnail-placeholder.png16KB

🖼try-ai-avatars.png181KB

🖼unblock-cam-vidyard.gif25KB

🖼unblock-mic-vidyard.gif25KB

🖼woman-with-trophy-celebrating.png214KB

🖼workspace-promotion.svg784KB

▾📁modular5.4MB

▾📁models243KB

📄selfiesegmentation_mlkit-256x256-2021_01_19-v1215.f16.tflite243KB

▾📁tensorflow-deps5.1MB

⚙tflite-simd.wasm2.9MB

⚙tflite.wasm2.2MB

▾📁worklets1KB

📜scribeAudioProcessor.js1KB

🖼02d0dd3fda7de08cc94c.svg58KB

🖼3333e1811343fc72830f.jpg253KB

🖼5e1bff2aedb54e7436fb.jpg308KB

📜639.min.js26KB

📜816.min.js2.3MBlarge

📄816.min.js.LICENSE.txt10KB

🖼9f609d1f398136f2dc9e.svg296B

🖼aa18e4928bd8e7fe12bb.jpg441KB

🌐authenticationSuccess.html160B

🌐camera.html272B

🎨camera.min.css312B

📜camera.min.js519KBlarge

🌐cameraRecording.html415B

🎨cameraRecording.min.css2.6MB

📜cameraRecording.min.js694KBlarge

📄cameraRecording.min.js.LICENSE.txt2KB

📜ckeCheckVidyardSupport.min.js335B

🎨ckeInsertThumbnailLink.min.css1B

📜ckeInsertThumbnailLink.min.js90KBlarge

📄ckeInsertThumbnailLink.min.js.LICENSE.txt483B

🎨content.min.css99KB

📜content.min.js3.9MBlarge

📄content.min.js.LICENSE.txt2KB

🖼ea10559d686140a9abd4.png181KB

🎨eloquaEngageContent.min.css557B

📜eloquaEngageContent.min.js579KBlarge

📄eloquaEngageContent.min.js.LICENSE.txt1KB

🌐extensionPopup.html363B

🎨gmailContent.min.css310B

📜gmailContent.min.js1.6MBlarge

📄gmailContent.min.js.LICENSE.txt3KB

🎨gongContent.min.css1B

📜gongContent.min.js392KBlarge

🎨hoverRecorder.min.css2KB

📜hoverRecorder.min.js392KBlarge

📜inboxSDKpageWorld.min.js169KBlarge

📄inboxSDKpageWorld.min.js.LICENSE.txt848B

🌐library.html253B

🎨library.min.css64B

📜library.min.js432KBlarge

🎨linkedInContent.min.css4.4MB

📜linkedInContent.min.js575KBlarge

📄linkedInContent.min.js.LICENSE.txt1KB

{}manifest.json3KB

🌐offscreen.html396B

🎨offscreen.min.css1B

📜offscreen.min.js2.8MBlarge

📄offscreen.min.js.LICENSE.txt10KB

🌐overlayPopup.html277B

🎨overlayPopup.min.css2.6MB

📜overlayPopup.min.js1.3MBlarge

📄overlayPopup.min.js.LICENSE.txt3KB

🎨popup.min.css4.5MB

📜popup.min.js1.3MBlarge

📄popup.min.js.LICENSE.txt3KB

🎨salesforceContent.min.css557B

📜salesforceContent.min.js575KBlarge

📄salesforceContent.min.js.LICENSE.txt1KB

🎨service-worker.min.css1B

📜service-worker.min.js511KBlarge

📄service-worker.min.js.LICENSE.txt859B

🌐speakerNotes.html402B

🎨speakerNotes.min.css2.6MB

📜speakerNotes.min.js7.5MBlarge

📄speakerNotes.min.js.LICENSE.txt2KB

What This Extension Does

This extension records your screen and webcam to create personalized sales videos, which can be shared and tracked for engagement.

Permissions

storageexpected: Lets the extension save settings or data locally on your computer. A user might care if they're concerned about privacy of their browsing habits or personal information stored by extensions.
tabsexpected: Allows the extension to view and interact with your open browser tabs. This is needed if it wants to record specific pages or inject scripts into them.
webNavigationexpected: Enables the extension to track when you navigate between web pages. Useful for logging video engagement but could also log sensitive navigation behavior.
scriptingexpected: Lets the extension inject JavaScript into web pages. This is necessary for screen recording functionality but could also allow unauthorized code execution.
notificationsexpected: Allows the extension to show pop-up messages in your browser. This is used for alerts like when someone views a video.
activeTabexpected: Gives the extension access to the currently active tab only when triggered by user action (like clicking a button). This is standard and generally safe.
offscreenexpected: Enables the extension to run background tasks even when no visible UI is present. Needed for recording screen or audio in the background.
system.displayexpected: Used to access display information such as resolution or monitor count. Necessary if the extension needs to record multiple screens.
alarmsexpected: Enables scheduling background tasks at specific intervals. May be used to periodically check video analytics or sync data.
tabGroupsexpected: Allows grouping and managing tabs together. This is likely used for organizing video-related tasks but doesn't pose a direct risk.
downloadsexpected: Permits the extension to download files directly from the internet into your browser's downloads folder.
<all_urls>check this: Gives the extension broad permission to interact with any website you visit. This is a major concern because it allows access to all web traffic, including private information. ⚠ 1

Your Data

The extension can access and send data to several external servers, including Vidyard’s own services and analytics providers. It may collect information about your browsing behavior or video interactions.

Code Findings

InnerHTML assignmentMedium

The code uses innerHTML to insert content into web pages. This can be risky if that inserted content comes from an untrusted source, as it might allow attackers to run malicious scripts.

💡 Common practice in extensions that modify page content dynamically based on user actions or data fetched from APIs.

HTTP request generationInfo

The extension makes network requests to external servers. This is normal for an app that uploads videos and tracks analytics, but it's worth noting.

Keyboard event listenerHigh

The extension listens to keyboard events, which could be used to capture keystrokes or track user input — a potential privacy concern.

Trustworthiness

Developer: Developer name is not listed in the scan data; no clear indication of company or support links.
Privacy Policy: No privacy policy was found during scanning. This raises concerns about how user data may be handled, especially given the wide permissions and access to sensitive sites like Gmail and LinkedIn.
Install Base: Installed by 300,000 users. Recent updates suggest ongoing maintenance.

Bottom Line

This extension appears consistent with its purpose, but the <all_urls> permission means it can access all websites you visit and potentially collect sensitive data from any site — including private emails or business documents. Users should carefully consider whether they trust this level of access before installing.

Extension Overview

This extension records your screen and webcam to create personalized sales videos, which can be shared and tracked for engagement.

Permissions

storageexpected: Exposes Chrome's storage API allowing read/write access to extension-managed local storage (chrome.storage.local). An attacker could potentially extract saved credentials, session tokens, or usage patterns from this area. Not inherently risky unless misused for data exfiltration.
tabsexpected: Grants access to chrome.tabs API including tab content, URL information, and ability to manipulate tabs (e.g., close, activate). Could be used by an attacker to monitor browsing activity or inject malicious code into active tabs.
webNavigationexpected: Provides access to chrome.webNavigation API, which allows monitoring of page load events and URL changes across all tabs. Could be leveraged by an attacker to observe user activity or detect sensitive sites visited.
scriptingexpected: Grants access to chrome.scripting API, enabling injection of scripts into arbitrary tabs or frames. If misused, this can lead to full page compromise or data theft from targeted domains.
notificationsexpected: Exposes chrome.notifications API, which can display system-level notifications. While not directly harmful, could be abused for phishing or misleading UI prompts if combined with other permissions.
activeTabexpected: Provides limited access via chrome.tabs API restricted to current tab. Only usable after direct user interaction, so low risk unless combined with other permissions.
offscreenexpected: Allows creation of offscreen documents via chrome.offscreen API, useful for long-running processes like screen capture without needing a popup window.
system.displayexpected: Exposes chrome.system.display API, which provides details about connected displays and screen geometry. Could potentially be used for fingerprinting purposes.
alarmsexpected: Grants access to chrome.alarms API, allowing periodic execution of code in the background service worker. Could enable persistent tracking or automated actions if misused.
tabGroupsexpected: Provides access to chrome.tabGroups API, enabling tab organization features. No significant security implications unless combined with other permissions.
downloadsexpected: Grants access to chrome.downloads API, allowing file retrieval and saving. Could be misused for downloading malware or sensitive data if not properly controlled.
<all_urls>check this: Grants full read/write access to all URLs via chrome.declarativeNetRequest and content script injection capabilities. Allows interception of network requests, modification of page content, and potential data exfiltration from any site visited by the user. This permission is excessive for a screen recorder unless it's performing deep integration with many platforms. ⚠ 1

Data Exposure (Technical)

External domains contacted include api.vidyard.com, secure.vidyard.com, s3.amazonaws.com, avatar.vidyard.com, auth.vidyard.com, extension-backend.vidyard.com, rollbar.com, heapanalytics.com, goodbye.vidyard.com, and sso.vidyard.com. Data transmitted likely includes cookies, page content (for injection), keystrokes during recording, video metadata, and potentially user identifiers or session tokens depending on how the extension handles authentication.

Code Findings

InnerHTML assignmentMedium

Detected use of innerHTML assignment in a content script or injected code context (e.g., document.body.innerHTML = ...). If the value being assigned is derived from user input or external sources, this creates a potential XSS vector. The risk depends on whether the source is static or dynamic and how it's sanitized.

💡 Common practice in extensions that modify page content dynamically based on user actions or data fetched from APIs.

HTTP request generationInfo

Code generates HTTP(S) requests using fetch or XMLHttpRequest APIs targeting various domains including api.vidyard.com and s3.amazonaws.com. These are likely used for uploading recordings, syncing data, or retrieving configuration settings. No evidence of insecure protocols like plain HTTP were found.

Keyboard event listenerHigh

Detected use of addEventListener('keydown', ...) in content scripts or background context. If this listener captures sensitive inputs like passwords or personal messages, it represents a significant risk for data theft. The extension may also be capturing global key combinations used to trigger screen recording features.

Code Analysis

Obfuscation: Standard minification observed; no heavy obfuscation techniques such as control flow flattening or string encoding detected.
Content Security Policy: Content Security Policy is present and restricts script execution within extension pages. It allows 'self' scripts and wasm-unsafe-eval, which may be acceptable for legitimate functionality but should still be reviewed carefully to ensure no unsafe inline code can execute.
Architecture: Uses Manifest V3 architecture with background service worker and content scripts injected into specific domains (e.g., Gmail, LinkedIn). The extension appears designed around a modular approach where different parts of the UI are handled by distinct content scripts. However, <all_urls> permission implies broad access that isn't clearly justified for core functionality.

Transparency

Developer: Developer name is not listed in the scan data; no clear indication of company or support links.
Privacy Policy: No privacy policy was found during scanning. This raises concerns about how user data may be handled, especially given the wide permissions and access to sensitive sites like Gmail and LinkedIn.
Code Visibility: Code appears bundled/minified with standard JavaScript compression techniques; not easily readable for independent auditing without decompilation tools.
Install Base: Installed by 300,000 users. Recent updates suggest ongoing maintenance.

Researcher Assessment

The presence of <all_urls> creates a high-risk surface area for potential misuse, especially when combined with content script injection capabilities and keyboard event listeners. The extension's architecture allows broad interception of network traffic and DOM manipulation across all domains, which could enable advanced persistent tracking or data exfiltration if exploited. While no direct evidence of malicious behavior was found, the risk profile is elevated due to excessive permissions and lack of transparency in developer identity or privacy policy.