Chromebook Extensions Risk #
GAT Shield offers admins an extensive and in-depth view of users’ Chrome activity at all times.
Admins can audit users’ browsing activity, set up alert rules based on user behavior, deploy web filtering for end-users, and much more.
In this post, we’ll cover the ‘Extensions’ Section in GAT Shield, where you can audit, track, analyse, and secure extensions on your Chromebooks and ChromeOS devices.
View all Chrome Extensions – Risk Assessment #
You’ll have a detailed view of all the information from all the Extensions installed on the user’s account
- Name – Name of the Extension
- Version – What’s the current version of the extension
- Used permissions – List of all permissions required from your domain by the extension
- Permission score – Our graded score is based on the amount and types of permissions required by the application.
- Low-scope required
- Medium – scope required
- High-scope required
- Enabled – Whether the extension is enabled or disabled.
- Installed – When the extension was installed.
- Removed – When the extension was removed.
- Users – View which user has the extension
See Chrome Extension Permission score #
The Extension permission scores are useful to see and assess if the Extension is OK to be installed.
An extension permission list is defined here. ‘Permission Scores‘ for an extension in Shield are based on the official permission list and have the scores assigned:
| Permission | Score | Permission | Score |
| alarms | 1 | power | 3 |
| audio | 1 | pushMessaging | 3 |
| audioCapture | 4 | serial | 1 |
| browser | 4 | signedInDevices | 1 |
| clipboardRead | 3 | socket | 3 |
| clipboardWrite | 2 | storage | 3 |
| contextMenus | 1 | syncFileSystem | 4 |
| desktopCapture | 4 | system.cpu | 2 |
| diagnostics | 1 | system.display | 4 |
| dns | 1 | system.memory | 4 |
| experimental | 1 | system.network | 4 |
| fileBrowserHandler | 1 | system.storage | 4 |
| fileSystem | 3 | tts | 4 |
| fileSystemProvider | 4 | unlimitedStorage | 4 |
| gcm | 4 | usb | 3 |
| geolocation | 3 | videoCapture | 4 |
| hid | 1 | wallpaper | 1 |
| identity | 1 | webview | 2 |
| idle | 1 | webRequest | 2 |
| infobars | 1 | webRequestBlocking | 2 |
| location | 1 | tabs | 1 |
| mediaGalleries | 1 | management | 4 |
| nativeMessaging | 3 | history | 3 |
| notificationProvider | 2 | identity | 1 |
| notifications | 2 | downloads | 3 |
| pointerLock | 2 | identity.email | 3 |
‘The Total Permission Score’ for an extension (presented in the UI) is calculated as max of [list of ‘Permission Score’ values for an extension]
‘High Risk’ extensions are classed as such because they require sufficient resources in Chrome that they could crash it.
GAT Shield is classifying ‘High Risk’ extensions using ‘Permission Score’:
- <= 1 N/A
- = 2 Low
- = 3 Medium
- >= 4 High
Often, these extensions need the resources they ask for; we are just drawing your attention to them.
