GAT Shield offers admins an extensive and in-depth view of users’ Chrome activity at all times.
Admins can audit users’ browsing activity set up alert rules based on user behavior, deploy web-filtering for end-users, and much more.
In this post, we’ll cover the ‘Extensions’ Section in GAT Shield, where you can audit, track, analyse and secure extensions on your Chromebooks and ChromeOS devices.
View all Chrome Extensions – Risk Assessment #
Navigate to Shield → Extensions → Extensions Explorer
The Extensions explore will present all the Extensions installed by the users of your domain.
- Name – Name of the Extension
- Version – What’s the current version of the extension
- Permissions – List of all permissions required from your domain by the extension
- Permission score – Our graded score based on the amount and types of permissions required by the application.
- Low – low score assigned
- Medium – medium score assigned
- High – high score assigned
- Enabled – Whether the extension is enabled or disabled.
- Installed – When the extension was installed.
- Removed – When the extension was removed.
- Users – Which user installed this extension.
See Chrome Extension Permission score #
The Extension permission scores are useful to see and assess if the Extension is OK to be installed.
An extension permission list is defined here. ‘Permission Scores‘ for an extension in Shield are based on the official permission list and have the scores assigned:
Permission | Score | Permission | Score |
alarms | 1 | power | 3 |
audio | 1 | pushMessaging | 3 |
audioCapture | 4 | serial | 1 |
browser | 4 | signedInDevices | 1 |
clipboardRead | 3 | socket | 3 |
clipboardWrite | 2 | storage | 3 |
contextMenus | 1 | syncFileSystem | 4 |
desktopCapture | 4 | system.cpu | 2 |
diagnostics | 1 | system.display | 4 |
dns | 1 | system.memory | 4 |
experimental | 1 | system.network | 4 |
fileBrowserHandler | 1 | system.storage | 4 |
fileSystem | 3 | tts | 4 |
fileSystemProvider | 4 | unlimitedStorage | 4 |
gcm | 4 | usb | 3 |
geolocation | 3 | videoCapture | 4 |
hid | 1 | wallpaper | 1 |
identity | 1 | webview | 2 |
idle | 1 | webRequest | 2 |
infobars | 1 | webRequestBlocking | 2 |
location | 1 | tabs | 1 |
mediaGalleries | 1 | management | 4 |
nativeMessaging | 3 | history | 3 |
notificationProvider | 2 | identity | 1 |
notifications | 2 | downloads | 3 |
pointerLock | 2 | identity.email | 3 |
‘The Total Permission Score’ for an extension (presented in the UI) is calculated as max of [list of ‘Permission Score’ values for an extension]
‘High Risk’ extensions are classed as such because they require sufficient resources in chrome that they could crash it.
GAT Shield is classifying ‘High Risk’ extensions using ‘Permission Score’:
- <= 1 N/A
- = 2 Low
- = 3 Medium
- >= 4 High
Often these extensions need the resources they ask for, we are just drawing your attention to them.