Browser Extensions Product Pack

Scenario

Recently some Chrome extension publishers had their extensions hijacked by malicious third parties, who installed adware and possibly other spyware into these extensions. As a consequence, auditing and controlling the use of Chrome extensions is an important security consideration.

Product Pack notes:

 

About Chrome Extensions

Chrome extensions are freely downloadable from the Chrome Web Store. However it’s become evident that not all extensions are trustworthy. Extensions are installed in the folder location

C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions

By parsing some JSON files found in subfolders under these locations, it is possible to programmatically retrieve the version and description of each installed Chrome extension

 

Instructions

Questions

Resources

A PowerShell script to retrieve extension details

Known Issues

In rare cases, some versions of extensions appear not to contain an extension description either in the primary manifest or the localisation file. In this case the description appears as the symbolic name given to the description which was intended to be resolved in the localisation file. This is believed to be a very rare scenario.

You must log in to submit a review. Click here to login.