tokcum03/09/2023, 11:22 PM
and fleet uses this table to fill the software inventory. However, from a security perspective a theme is a different story then code run by the browser and interacting with the user. So, I was wondering if it's possible to differentiate the two. I've not found a dedicated column for this in
, but looking into the extensions
provided an opportunity.
It would be great if fleet good differentiate "full blown extensions" from "just a theme". Not sure if my initial approach is a good fit and covers all scenarios. Maybe there are extensions which are both. I've also seen extensions which just provide a background. Maybe they have no
SELECT name AS name, version AS version, 'Browser theme (Chrome)' AS type, FROM users CROSS JOIN chrome_extensions USING (uid) WHERE json_extract(manifest_json, '$.theme') <> ''
in their manifest. Looking forward to a discussion of this topic and hopefully this is valueable enough to find a way into fleet. :)
clong03/09/2023, 11:57 PM
Technically osquery lists all extensions in chrome_extensions and fleet uses this table to fill the software inventory. However, from a security perspective a theme is a different story then code run by the browser and interacting with the user.Does the theme get installed as an extension? Regardless of what the extension does (apply a theme, for example), it's still a chrome extension
tokcum03/13/2023, 10:36 AM
roberto03/13/2023, 11:31 AM
tokcum03/17/2023, 11:22 AM