There are times when a normal Chrome extension can become malicious, e.g. maybe the original author sold the extension to a phishing company, maybe the author's credential is compromised and a new malicious version is published by the hacker, or, maybe the author has intended to turn the extension into a malicious one after gaining popularity. Either way, these extensions usually get taken down from the Chrome Web Store after the malicious activity is discovered.
However, Chrome doesn't seem to uninstall these extensions installed on my local computer. Sometimes I only discover it after the damage becomes apparent - being hijacked to another URL for example. And even if I know there are malicious extensions, I cannot find out which one it is. I have to go through every extension and disable each of them manually.
But usually, the offending extension has been taken down from the Web Store already. So, if there is a way (maybe a script) to test all locally-installed extensions and list those not existing in Chrome Web Store, it can hopefully help me pinpoint the source quickly. Any ideas?
No comments:
Post a Comment