Hi, reviewing our Software inventory in fleet, I'v...
# fleett
tokcum
03/09/2023, 11:22 PMHi, reviewing our Software inventory in fleet, I've came across some browser extensions which I found, looking at their names, inappropriate in a corporate environment. The investigation showed that those extensions were "just" themes.
Technically osquery lists all extensions in
chrome_extensionschrome_extensionsmanifest_json Copy code
SELECT
name AS name,
version AS version,
'Browser theme (Chrome)' AS type,
FROM users CROSS JOIN chrome_extensions USING (uid)
WHERE json_extract(manifest_json, '$.theme') <> ''themec
clong
03/09/2023, 11:57 PMTechnically osquery lists all extensions in chrome_extensions and fleet uses this table to fill the software inventory. However, from a security perspective a theme is a different story then code run by the browser and interacting with the user.Does the theme get installed as an extension? Regardless of what the extension does (apply a theme, for example), it's still a chrome extension
clong
03/09/2023, 11:57 PMor are you talking about these? https://chrome.google.com/webstore/category/themes
t
tokcum
03/13/2023, 10:36 AMYes, themes are installed as extensions. I think it would be great if we were able to differentiate extensions which just provide themes / backgrounds from other extensions.
tokcum
03/13/2023, 10:51 AMHere is an example of extensions I've found with my approach, some of them having names from games. Because of the names, this caught my attention, initially.
r
roberto
03/13/2023, 11:31 AMhey! thanks for bringing this up! I have asked the team what is the best way to move this discussion forward (so it doesn't get silently lost here)
will let you know when I know more
roberto
03/13/2023, 3:11 PMGot an answer: the best way to ask for feature requests is by opening an issue in GitHub, if you don't have time just lmk and I can do that for you with the info you provided
t
tokcum
03/17/2023, 11:22 AMThanks, Roberto, I'll raise an issue on Github shortly.