View Categories

Chromebook Extensions Risk Assessment

Chromebook Extensions Risk  #

GAT Shield offers admins an extensive and in-depth view of users’ Chrome activity at all times.

Admins can audit users’ browsing activity, set up alert rules based on user behavior, deploy web filtering for end-users, and much more.

In this post, we’ll cover the ‘Extensions’ Section in GAT Shield, where you can audit, track, analyse, and secure extensions on your Chromebooks and ChromeOS devices.

View all Chrome Extensions – Risk Assessment #

You’ll have a detailed view of all the information from all the Extensions installed on the user’s account

  • Name – Name of the Extension
  • Version – What’s the current version of the extension
  • Used permissions – List of all permissions required from your domain by the extension
  • Permission score – Our graded score is based on the amount and types of permissions required by the application.
    • Low-scope required
    • Medium – scope required
    • High-scope required
  • Enabled – Whether the extension is enabled or disabled.
  • Installed – When the extension was installed.
  • Removed – When the extension was removed.
  • Users – View which user has the extension
Extension Details View
This section provides a detailed breakdown of information for all browser extensions installed by your users.

Name: The name of the installed extension.
Version: The current software version of the extension.
Permissions: A comprehensive list of all permissions the extension requires to operate within your domain.
Permission score: A graded score indicating the scope and type of permissions the application requests:
Low-scope required: The extension requests minimal permissions.
Medium-scope required: The extension requests a moderate level of permissions.
High-scope required: The extension requests extensive permissions, which may include sensitive access.
Enabled: Indicates whether the extension is currently active (Enabled) or inactive (Disabled).
Installed: The date and time when the extension was initially installed.
Removed: The date and time when the extension was removed.
Users: Identifies the specific user who installed this extension.

See Chrome Extension Permission score #

The Extension permission scores are useful to see and assess if the Extension is OK to be installed.

An extension permission list is defined here. Permission Scores‘ for an extension in Shield are based on the official permission list and have the scores assigned:

Permission Score Permission Score
alarms 1 power 3
audio 1 pushMessaging 3
audioCapture 4 serial 1
browser 4 signedInDevices 1
clipboardRead 3 socket 3
clipboardWrite 2 storage 3
contextMenus 1 syncFileSystem 4
desktopCapture 4 system.cpu 2
diagnostics 1 system.display 4
dns 1 system.memory 4
experimental 1 system.network 4
fileBrowserHandler 1 system.storage 4
fileSystem 3 tts 4
fileSystemProvider 4 unlimitedStorage 4
gcm 4 usb 3
geolocation 3 videoCapture 4
hid 1 wallpaper 1
identity 1 webview 2
idle 1 webRequest 2
infobars 1 webRequestBlocking 2
location 1 tabs 1
mediaGalleries 1 management 4
nativeMessaging 3 history 3
notificationProvider 2 identity 1
notifications 2 downloads 3
pointerLock 2 identity.email 3

‘The Total Permission Score’ for an extension (presented in the UI) is calculated as max of [list of ‘Permission Score’ values for an extension]  

High Risk’ extensions are classed as such because they require sufficient resources in Chrome that they could crash it.

GAT Shield is classifying ‘High Risk’ extensions using ‘Permission Score’:

  • <= 1  N/A
  • =   2  Low
  • =   3  Medium
  • >= 4  High

Often, these extensions need the resources they ask for; we are just drawing your attention to them.

LIVE EVENT

Join Us for a Training Session

For customers and current trials.

This website uses cookies to ensure you get the best experience on our website