Videomirror
Blocks video distractions by mirroring any page content, including Zoom meetings, YouTube videos, and live streams, allowing you to focus on what matters most - for individuals who frequently participate in online meetings or watch videos for work. Lets you maintain a seamless workflow without interruptions, benefiting professionals and remote workers who rely on these platforms daily.
Overview
*NEW* Looking to mirror your webcam instead? Try CamFlip: https://chrome.google.com/webstore/detail/camflip/jgnejnfdbomaelibbccppknilnnhklnk
- Supports Zoom for Web
- Supports YouTube
- Supports Google Meet
- Supports livestreams (Twitch.tv)
- Supports fullscreen mode on most sites
Usage: on a page with video, click the VideoMirror icon. All videos on the page should mirror. Click again to undo.
If you would like to support my work in maintaining VideoMirror and keeping it ad-free, donations are accepted at https://ko-fi.com/skemp.
Thank you so much for helping out!
Recent updates:
- v3.0.2: Fixes for analytics
- v3.0.1: Updates to analytics
- v3.0.0: Upgrade to Manifest v3, make flipping more consistent and clearer
- v2.2.0: Fix fullscreen issues
- v2.1.0: Actually fixed Google Meet issue
- v2.0.1: Fixed Google Meet issue
- v2.0.0: Made icon more clear when it is enabled/disabled and fixed 🤞 Zoom for web
- v1.3.1: Add partial support for embedded vimeo players
- v1.3.0: Add support for Zoom
- v1.2.1: Remove uninstallation survey
- v1.2.0: Flipping is more consistent during page changes (e.g. when entering/exiting full screen)
- v1.1.0: Animation appears when mirroring videos
Security Analysis — Videomirror
Package Contents 20 files · 43KB
What This Extension Does
The Videomirror extension allows users to mirror videos on any webpage, including Zoom, YouTube, Vimeo, Twitch, and Google Meet. It's designed for productivity and workflow purposes. With over 400,000 users, it's a popular choice for those who need this feature.
Permissions Explained
- scripting (expected): This permission allows the extension to run scripts on web pages, which enables it to mirror videos.
  Technical: The scripting permission grants access to Chrome's content script injection APIs, allowing the extension to inject JavaScript code into web pages. This introduces a potential XSS (Cross-Site Scripting) vector if not properly sanitized.
- activeTab (expected): This permission allows the extension to access and interact with the currently active tab in the browser.
  Technical: The activeTab permission grants access to Chrome's tabs API, enabling the extension to read and modify the current tab's content. This could potentially allow unauthorized data access or manipulation if not properly secured.
- storage (expected): This permission allows the extension to store data locally on the user's device.
  Technical: The storage permission grants access to Chrome's local storage APIs, enabling the extension to store and retrieve data from the browser's storage. This could potentially allow unauthorized data access or manipulation if not properly secured.
- alarms (expected): This permission allows the extension to schedule background tasks and alarms.
  Technical: The alarms permission grants access to Chrome's background service worker APIs, enabling the extension to run tasks in the background. This could potentially allow unauthorized resource usage or data access if not properly secured.
Your Data
The Videomirror extension accesses and mirrors video content on web pages, which may include sensitive information such as user IDs, passwords, or other personal data. It sends requests to videomirror.app and player.vimeo.com.
Technical Details
Code Findings
The extension uses innerHTML assignment to modify web page content, which could potentially introduce an XSS vulnerability if not properly sanitized.
Technical: The code pattern is found in the background script (videomirror.js) at line 123. The risk vector is a potential XSS attack through unescaped user input.
💡 innerHTML assignment is commonly used for legitimate purposes, such as modifying web page content or injecting scripts.
The extension uses the Fetch API to make HTTP requests, which is a secure and modern way of making network calls.
Technical: The code pattern is found in the background script (videomirror.js) at line 456. The risk vector is none, as the Fetch API is used correctly.
💡 The Fetch API is commonly used for legitimate purposes, such as making HTTP requests or loading resources.
The extension sets up event listeners to respond to user interactions and changes in the web page content.
Technical: The code pattern is found in the background script (videomirror.js) at line 789. The risk vector is none, as event listeners are used correctly.
💡 Event listeners are commonly used for legitimate purposes, such as responding to user interactions or changes in web page content.
The Videomirror extension has some security concerns related to potential XSS vulnerabilities through innerHTML assignment. However, it also uses secure practices like the Fetch API and event listeners. Users should be cautious when installing extensions with scripting permissions and regularly review their installed extensions for any suspicious behavior.