📖 2 mins read

How to perform a Chromebook Extensions Risk Assessment?

GAT Shield offers admins an extensive and in-depth view of the activity of all users at all times. Admins can audit the browsing activity of users, set up alert rules based on users’ behaviour, set up web-filtering for end-users, and much more.

In this post, we’ll cover the ‘Extensions’ Section in GAT Shield, where you can audit, track, analyse and secure your Chromebooks and ChromeOS devices.

View all Chrome Extensions

Navigate to Shield → Extensions → Extensions Explorer

The Extensions explore will present all the Extensions installed by the users of your domain.

  • Name – Name of the Extension
  • Version – What’s the current version of the extension
  • Permissions – List of all permissions required from your domain by the extension
  • Permission score – Our graded score based on the amount and types of permissions required by the application.
    • Low – low score assigned
    • Medium – medium score assigned
    • High – high score assigned
  • Enabled – Whether the extension is enabled or disabled.
  • Installed – When the extension was installed.
  • Removed – When the extension was removed.
  • Users – Which user installed this extension.

GAT Shield | Chromebook Extensions Risk Assessment 1

 

Permission score

The Extension permission scores are useful to see and assess if the Extension is OK to be installed.

An extension permission list is defined here. Permission Scores‘ for an extension in Shield are based on the official permission list and have the scores assigned:

Permission Score Permission Score
alarms 1 power 3
audio 1 pushMessaging 3
audioCapture 4 serial 1
browser 4 signedInDevices 1
clipboardRead 3 socket 3
clipboardWrite 2 storage 3
contextMenus 1 syncFileSystem 4
desktopCapture 4 system.cpu 2
diagnostics 1 system.display 4
dns 1 system.memory 4
experimental 1 system.network 4
fileBrowserHandler 1 system.storage 4
fileSystem 3 tts 4
fileSystemProvider 4 unlimitedStorage 4
gcm 4 usb 3
geolocation 3 videoCapture 4
hid 1 wallpaper 1
identity 1 webview 2
idle 1 webRequest 2
infobars 1 webRequestBlocking 2
location 1 tabs 1
mediaGalleries 1 management 4
nativeMessaging 3 history 3
notificationProvider 2 identity 1
notifications 2 downloads 3
pointerLock 2 identity.email 3

 

‘The Total Permission Score’ for an extension (presented in the UI) is calculated as max of [list of ‘Permission Score’ values for an extension]  

High Risk’ extensions are classed as such because they require sufficient resources in chrome that they could crash it.

GAT Shield is classifying ‘High Risk’ extensions using ‘Permission Score’:

  • <= 1  N/A
  • =   2  Low
  • =   3  Medium
  • >= 4  High

Often these extensions need the resources they ask for, we are just drawing your attention to them.

If you would like to run a trial of our products please install GAT+ from the Google Marketplace and contact us at support@gatlabs.com with any questions you may have.

To request a demo please click here and fill the form, we’ll get back to you in less than 12 hours during weekdays.

If you tried GAT in the past and would like to run a fresh trial again, please enquire through this form.

Thanks for sharing and spreading the word!