YouTube Lyrics Extension – Real-Time Synced Lyrics | YT Lyrics
Version 1.0.9 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has a decent rating of 4.8 stars from 19 reviews, though the user base is relatively small at 962 users. The developer uses a Vercel-hosted website, which is a legitimate hosting platform, but provides limited company information or transparency about the development team.
The primary concern is the broad host permissions that extend beyond YouTube to include external lyrics APIs (lrclib.net, lyrics.ovh) and all Vercel subdomains. While these permissions appear functionally necessary for fetching lyrics data, the wildcard Vercel permission (*.vercel.app/*) is overly broad and could potentially access other unrelated services. The extension's small user base and limited review history make it difficult to establish a strong trust foundation. The activeTab and storage permissions are appropriate for the extension's functionality.
This extension appears legitimate for its stated purpose of displaying YouTube lyrics, but exercise caution due to the broad permissions. Consider running it in a separate Chrome profile if you're concerned about data exposure. Monitor the extension's behavior and revoke permissions if you notice any suspicious activity. Given the small user base, you might want to wait for broader adoption or look for more established alternatives with similar functionality and better-defined permission scopes.
Findings
Security Analysis Details
Required Permissions:
- activeTab
- scripting
- storage
Host Permissions:
- https://www.youtube.com/*
- https://lrclib.net/*
- https://api.lyrics.ovh/*
- https://*.vercel.app/*
Embedded URLs (15 total):
| https://n-six-rust-seven.vercel.app/api/track | https://n-six-rust.vercel.app/api/track | |
| https://lrclib.net/api/search?artist_name= | https://lrclib.net/api/search?track_name= | |
| https://lrclib.net/api/search?q= | https://api.lyrics.ovh/v1/ | |
| https://clients2.google.com/service/update2/crx | https://www.youtube.com/ | |
| https://lrclib.net/ | https://api.lyrics.ovh/ | |
| https://lrclib.net/api/search?artist_name=Artist&track_name=Song | https://lrclib.net/api/search?q=Artist | |
| https://lrclib.net/api/search?track_name=Song | https://lrclib.net/api/search?... | |
| https://lrclib.net |
Raw Manifest
{ "name": "YouTube Lyrics Extension – Real-Time Synced Lyrics | YT Lyrics", "icons": { "16": "icon16.png", "48": "icon48.png", "128": "icon128.png" }, "action": { "default_icon": { "16": "icon16.png", "48": "icon48.png", "128": "icon128.png" }, "default_popup": "popup.html" }, "version": "1.0.9", "background": { "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "✨ Shows real-time synced lyrics on YouTube. A simple YouTube lyrics extension for music videos and songs.", "permissions": [ "activeTab", "scripting", "storage" ], "content_scripts": [ { "js": [ "analytics.js", "content.js" ], "run_at": "document_end", "matches": [ "*://*.youtube.com/*" ] } ], "host_permissions": [ "https://www.youtube.com/*", "https://lrclib.net/*", "https://api.lyrics.ovh/*", "https://*.vercel.app/*" ], "manifest_version": 3 }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.