What is SecureLint and how does it work?

SecureLint is a Chrome extension that runs entirely in your browser. It scans text you type or paste into any web editor in real time, detects sensitive data (API keys, passwords, tokens, credentials), and masks it before it can leak. It also blocks phishing sites using a 14-layer detection engine before the page fully loads.

Is my data ever sent to a server?

For individual users — no. All detection, masking, and phishing checks happen 100% locally inside your browser. No page content, typed text, or detected secrets are ever transmitted to any server. For Enterprise users, masked incident reports (never raw secrets) can be sent to your organization's admin dashboard only when explicitly enabled by your IT admin.

Does SecureLint work on all websites?

Yes. SecureLint works across all websites — standard inputs, textareas, contenteditable elements, and rich text editors like CodeMirror, Monaco, Ace, TinyMCE, CKEditor, and popular productivity tools like Gmail, Slack, Notion, ChatGPT, and more.

How does phishing detection work?

SecureLint uses a 14-layer engine: bloom filter, URL heuristics, homograph/IDN analysis, typosquat detection, WHOIS domain-age check, SSL certificate validation, Google Safe Browsing, and page-content scanning for credential-harvesting language. If Google Safe Browsing confirms the site is safe, the site is automatically unblocked — no false positives.

What types of secrets does SecureLint detect?

SecureLint detects 100+ secret types including AWS, GCP, and Azure credentials; JWT tokens; OAuth access and refresh tokens; database connection strings (MongoDB, Redis, MySQL, PostgreSQL); private keys and certificates (RSA, EC, PGP); Stripe, Slack, and GitHub API keys; SSNs, Aadhaar numbers, and credit card patterns.

Is SecureLint free to use?

SecureLint is a paid product with Pro and Enterprise plans. The Pro plan is designed for individual developers and security professionals, while Enterprise is built for IT and security teams needing full DLP, admin dashboard, and SLA-backed support. Both plans can be activated instantly from securelint.in.

Can I switch plans or cancel anytime?

Yes. You can upgrade, downgrade, or cancel your subscription at any time from your dashboard. If you cancel, your Pro or Enterprise features remain active until the end of your current billing period.

What payment methods are accepted?

For Indian users we accept all major UPI apps (PhonePe, GPay, Paytm), credit and debit cards, and net banking via Razorpay. For international users we accept PayPal and Google Pay.

Does SecureLint check SSL certificates in real time?

Yes. SecureLint performs a real-time SSL/HTTPS certificate check on every page you visit. If the certificate is expired, self-signed, or the site is running on plain HTTP for a login or payment page, SecureLint raises an immediate alert so you never enter credentials on an insecure connection.

How does the domain age alert work?

Phishing sites are almost always newly registered — often less than 7 days old. SecureLint queries WHOIS data in real time and flags any site where the domain was registered recently, showing you the exact registration date before you interact with the page.

Is SecureLint a VAPT tool?

SecureLint performs a continuous, passive VAPT-style real-time scan directly in your browser. It detects exposed credentials, weak SSL, suspicious domains, phishing indicators, XSS attempts, and clickjacking on every page you visit — without requiring any manual test setup. It is not a replacement for a full penetration test, but gives developers and security teams instant, always-on threat visibility.

What is real-time browser security scanning?

Real-time browser security scanning means SecureLint analyses every page you open, every URL you visit, and every input you type — instantly, before threats can cause damage. It checks for phishing indicators, exposed API keys, SSL validity, domain age, redirect chains, crypto drainers, and XSS payloads — all within milliseconds and entirely inside your browser.

How do I install SecureLint?

Visit the Chrome Web Store, search for 'SecureLint' or click the direct install link on securelint.in. Click 'Add to Chrome', confirm permissions, and SecureLint is active immediately — no account required for the free tier.

Does SecureLint slow down my browser?

No. SecureLint is engineered for sub-millisecond detection using optimised regex engines and a local bloom filter for phishing checks. It runs in a content-script context with minimal CPU and memory footprint — independent benchmark tests show less than 2 ms latency per scan cycle.

What is the Enterprise plan?

Enterprise is designed for IT and security teams. It adds centralized policy management, email DLP and send blocking, WAF and social-domain blocking, incident reporting, admin dashboard, and dedicated support with an SLA. Contact our sales team for pricing.

SecureLint Research Team

VAPTLabs Security Research

Jun 16, 2026·7 min read

Meeting Mode: How SecureLint Blurs Secrets the Second a Video Call Starts

You are sharing your screen on a Google Meet call, walking a new client through your dashboard, when a teammate spots something in the background: a long string of characters in an open tab. An AWS access key. Or a Stripe secret. Or a database connection string. It happens in seconds and you don't notice until someone asks, “is that your production key?”

SecureLint Meeting Mode exists precisely to close this gap. The moment the extension detects an active video call, it automatically blurs every sensitive credential it can find across all your open browser tabs — before a single pixel reaches the screen share stream. When the meeting ends, the blur lifts. No manual toggles, no closing tabs, no pre-call checklists.

What is SecureLint Meeting Mode?

Meeting Mode is SecureLint's automatic privacy layer that activates in response to an active video call. Unlike generic screen-sharing tips that ask you to manually close sensitive tabs before each call, Meeting Mode works the other way round: it masks data in place so you never have to choose between having the right tools open and keeping secrets off the screen.

When a call is detected, SecureLint overlays a blur on every DOM element whose visible text matches a known credential pattern — API keys, database passwords, tokens, and card numbers. The blur is applied client-side, inside the browser extension, with zero network round-trips. From the outside, your screen share shows blurred placeholders where secrets would be. Your own view is identical to your colleagues' — a constant reminder that the masking is active.

How SecureLint detects an active video call

SecureLint watches two independent signals inside the browser extension manifest, both of which stay entirely on-device:

Tab URL and title patterns — SecureLint maintains a fast regex index of known meeting URLs: meet.google.com/*, zoom.us/wc/*, teams.microsoft.com/*, app.webex.com/*, *.jitsi.org/*, and several others. Any tab matching these patterns flips Meeting Mode on within milliseconds.
Camera and microphone permission grants— A video call almost always requests camera and microphone access. SecureLint listens to the browser's permissions API. When a page is granted both camera and microphone access, Meeting Mode activates for that session even if the URL is not on the known list — for example, a custom enterprise video tool on a private subdomain.

Privacy note: No audio, video, or screen content is ever read, captured, or transmitted by SecureLint. The extension only reads tab metadata (URL, title) and permission state — both are local browser signals.

What gets blurred during a meeting

SecureLint's detection engine covers more than 100 credential patterns across every major cloud and SaaS platform:

Cloud provider keys — AWS Access Keys (AKIA…), AWS Secret Access Keys, GCP service account JSON, Azure client secrets
Source control tokens — GitHub personal access tokens (ghp_…), GitLab personal tokens, Bitbucket app passwords
Payment gateway secrets — Stripe live secret keys (sk_live_…), Stripe restricted keys, Razorpay key_secret values
AI platform keys — OpenAI API keys (sk-proj-…), Anthropic API keys, Cohere keys
Project management tokens — Jira API tokens, Atlassian OAuth secrets, Linear API keys, Notion integration tokens
Database credentials — PostgreSQL and MySQL connection strings, MongoDB Atlas URIs, Redis AUTH strings
Auth tokens — JWT tokens (three dot-separated base64 segments), OAuth access and refresh tokens
Private keys — PEM-encoded RSA and ECDSA private keys, SSH private key blocks
Payment card numbers — Luhn-validated 13–19 digit card numbers not inside a type="password" field

Patterns are matched against the rendered text content of every visible element on the page as well as input field values that are not of type password. The match runs against the DOM, not raw HTTP responses, so it works on single-page apps, dashboards loaded via AJAX, and server-side-rendered pages alike.

How the blur engine works technically

When Meeting Mode activates, SecureLint performs the following steps on each open tab:

DOM traversal — A content script walks the live DOM collecting all text nodes and input values. It skips script, style, noscript, and template elements.
Pattern matching — Each text node is tested against a compiled regex set. The engine is greedy: it matches the longest possible token that looks like a credential and ignores surrounding prose.
Overlay injection — Matched nodes receive a data-sl-masked attribute and SecureLint injects a ::before pseudo-element via a dynamically inserted stylesheet that renders a solid blur overlay on top of the matched text. The underlying DOM text is unchanged — only the visual presentation is altered.
Mutation observer — A MutationObserver watches for new content added to the DOM (lazy-loaded panels, WebSocket pushes) and re-runs the pattern matcher on added nodes, ensuring secrets that appear after page load are also blurred.
Cleanup on call end — When the meeting tab closes or permissions are revoked, SecureLint removes the injected stylesheet and clears all data-sl-masked attributes, restoring the page to its original state.

Setting up Meeting Mode in SecureLint

Meeting Mode requires no configuration. It is enabled by default after you install the SecureLint Chrome extension:

✅Install SecureLint from the Chrome Web Store and pin the extension to your toolbar.
✅Click the SecureLint icon and confirm Meeting Mode shows as On in the settings panel.
✅Open a Google Meet or Zoom tab. A green indicator in the SecureLint toolbar icon confirms the call was detected.
✅Switch to any tab containing API keys or credentials. Sensitive values are overlaid with blur masks.
✅End the call. All blur overlays clear automatically within two seconds of the meeting tab closing.

For enterprise deployments, IT admins can enforce Meeting Mode as a non-overrideable policy via the SecureLint admin console, preventing employees from accidentally disabling it before a call.

When the blur lifts automatically

SecureLint lifts the blur when any of the following is true:

The meeting tab (Google Meet, Zoom, Teams) is closed.
The meeting tab navigates away from the call URL (e.g., back to the Google Meet home screen).
The page that held camera/microphone permission is unloaded or the permissions are revoked.
You manually click Pause Meeting Mode in the SecureLint panel (the blur lifts for 10 minutes, then re-arms automatically).

The state machine is evaluated every 3 seconds in the background service worker, so the maximum lag between a call ending and the blur lifting is under 5 seconds in practice.

Meeting Mode vs manually hiding tabs

The conventional advice is: close sensitive tabs before a call. That advice works until you need those tabs open to do your job — a developer on a support call needs the production console open, a founder doing a live demo needs the real Stripe dashboard.

Manual tab management also fails in two predictable ways:

The unexpected call — Someone shares a Slack Huddle link mid-conversation and you join before you have time to sweep your tabs.
New content after the call starts— A CI/CD system pushes a deployment key to a dashboard tab that was already open and “safe” when you started sharing.

Meeting Mode handles both. It is always watching, it activates instantly, and it covers dynamic content that appears after the call begins. You keep every tab open that you need, and SecureLint makes sure none of the credentials in them reach the screen share.

Frequently asked questions

Which video call apps does SecureLint Meeting Mode detect?

SecureLint Meeting Mode detects Zoom Web Client, Google Meet, Microsoft Teams, Webex, Jitsi Meet, and any site that requests camera and microphone permissions simultaneously. When any of these are active in a tab, secrets across all your other open tabs are immediately blurred.

What types of secrets does SecureLint blur in Meeting Mode?

SecureLint blurs AWS access and secret keys, GitHub personal access tokens, Stripe live secret keys, OpenAI project keys, Razorpay keys, Jira API tokens, database connection strings, JWT tokens, SSH private key blocks, and 100+ other credential patterns — all identified in real time locally in the browser.

Does SecureLint record my screen or send data anywhere?

No. SecureLint runs entirely on-device using a local regex engine inside the browser extension. Nothing from your screen, open tabs, or credentials is ever captured, uploaded, or transmitted to any server.

Does the blur automatically lift when my meeting ends?

Yes. SecureLint continuously watches for the meeting tab to close or for camera/microphone permissions to be revoked. The moment the call ends, all blur overlays are removed and your browser tabs return to normal visibility automatically — within about 5 seconds.

Can I override Meeting Mode during a call?

Yes. Click the SecureLint extension icon and choose Pause Meeting Mode for 10 minutes. A visible warning badge in the toolbar reminds you that secrets are temporarily exposed. Meeting Mode re-arms automatically when the window expires or when a new meeting is detected.