Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-23 17:08:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 83

Update chrome_extensions.yml (#19397)

Browse source 
Please check the new scalar is working correctly. I am going to have to
do a PR on the authdb table because some of the markdown syntax is
showing on the updated page. Thanks!

---------

Co-authored-by: Eric <eashaw@sailsjs.com>
This commit is contained in:
Brock Walters 2024-05-31 12:02:06 -04:00 committed by GitHub
parent 49872be675
commit 893766efdd
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 18 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
schema/tables/chrome_extensions.yml
View file

@ -4,22 +4,36 @@ platforms:
- windows
- linux
- chrome
description: Installed extensions (plugins) for [Chromium-based](https://en.wikipedia.org/wiki/Chromium_(web_browser)) browsers, including [Google Chrome](https://en.wikipedia.org/wiki/Google_Chrome), [Edge](https://en.wikipedia.org/wiki/Microsoft_Edge), [Brave](https://en.wikipedia.org/wiki/Brave_(web_browser)), [Opera](https://en.wikipedia.org/wiki/Opera_(web_browser)), and [Yandex](https://en.wikipedia.org/wiki/Yandex_Browser).
examples: |-
description: The `chrome_extensions` table maps browser extensions installed in [Chromium](https://en.wikipedia.org/wiki/Chromium_(web_browser)) browsers like [Google Chrome](https://en.wikipedia.org/wiki/Google_Chrome), [Edge](https://en.wikipedia.org/wiki/Microsoft_Edge), [Brave](https://en.wikipedia.org/wiki/Brave_(web_browser)), [Opera](https://en.wikipedia.org/wiki/Opera_(web_browser)), and [Yandex](https://en.wikipedia.org/wiki/Yandex_Browser).
examples: |-
Because browser data lives in user space, this query uses a join to include a UID:
```
SELECT * FROM users CROSS JOIN chrome_extensions USING (uid);
```
List Chrome extensions by user and profile which have full access to HTTPS
browsing.
This query shows Chrome extensions that have full access to HTTPS browsing;
```
SELECT u.username, ce.name, ce.description, ce.version, ce.profile, ce.permissions FROM users u CROSS JOIN chrome_extensions ce USING (uid) WHERE ce.permissions LIKE '%%https://*/*%%';
```
notes: |-
Querying this table requires joining against the `users` table. [Learn more](https://fleetdm.com/guides/osquery-consider-joining-against-the-users-table)
On ChromeOS, this table requires the [fleetd Chrome extension](https://fleetdm.com/docs/using-fleet/chromeos).
Examples of [malicious Chrome extensions](https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/)
Loosely restricted extension permissions can be an [indicator of malicious intent](https://developer.chrome.com/docs/extensions/reference/api/permissions)
Tracking browser extensions in an organization can help with:
- Compliance audits: Ensure extensions comply with company policies
- Security training: Educate users about Chrome extension risks
- Incident response: Identify suspicious or vulnerable extensions
columns:
- name: uid
platforms: