tokcum
03/09/2023, 11:22 PMchrome_extensions
and fleet uses this table to fill the software inventory. However, from a security perspective a theme is a different story then code run by the browser and interacting with the user.
So, I was wondering if it's possible to differentiate the two. I've not found a dedicated column for this in chrome_extensions
, but looking into the extensions manifest_json
provided an opportunity.
SELECT
name AS name,
version AS version,
'Browser theme (Chrome)' AS type,
FROM users CROSS JOIN chrome_extensions USING (uid)
WHERE json_extract(manifest_json, '$.theme') <> ''
It would be great if fleet good differentiate "full blown extensions" from "just a theme". Not sure if my initial approach is a good fit and covers all scenarios. Maybe there are extensions which are both. I've also seen extensions which just provide a background. Maybe they have no theme
in their manifest.
Looking forward to a discussion of this topic and hopefully this is valueable enough to find a way into fleet. :)clong
03/09/2023, 11:57 PMTechnically osquery lists all extensions in chrome_extensions and fleet uses this table to fill the software inventory. However, from a security perspective a theme is a different story then code run by the browser and interacting with the user.Does the theme get installed as an extension? Regardless of what the extension does (apply a theme, for example), it's still a chrome extension
tokcum
03/13/2023, 10:36 AMroberto
03/13/2023, 11:31 AMtokcum
03/17/2023, 11:22 AM