Spec-ify / specify

Specify: a lightweight and fast tool to gather information about a Windows computer, designed for support purposes
BSD 2-Clause "Simplified" License

Detect forcibly installed browser extensions #70

Open PipeItToDevNull opened 1 month ago

PipeItToDevNull commented 1 month ago

As seen here (https://www.bleepingcomputer.com/news/security/malware-force-installs-chrome-extensions-on-300-000-browsers-patches-dlls/), these keys are used in malware campaigns. I believe this would explain malicious extensions that escape ?chromemw.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Google\Chrome\ExtensionInstallForcelist
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Edge\ExtensionInstallForcelist
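
One way to enumerate the four keys listed above, as an added example that is not part of the original issue and is not Specify's own code. The function name `Get-ForcedExtension`, the output field names, and the choice to flag entries whose update URL is not a default store endpoint are assumptions of this sketch.

```powershell
# Added example: list extensions force-installed through policy for Chrome and Edge.
# The four key paths come from the issue; everything else is an assumption of this sketch.
$forcelistKeys = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
    'HKLM:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist',
    'HKLM:\SOFTWARE\WOW6432Node\Policies\Google\Chrome\ExtensionInstallForcelist',
    'HKLM:\SOFTWARE\WOW6432Node\Policies\Microsoft\Edge\ExtensionInstallForcelist'
)

# Default update endpoints of the Chrome Web Store and the Edge Add-ons store.
# Assumption: an entry that updates from anywhere else deserves a closer look.
$storeUpdateUrls = @(
    'https://clients2.google.com/service/update2/crx',
    'https://edge.microsoft.com/extensionwebstorebase/v1/crx'
)

function Get-ForcedExtension {
    param([string[]]$KeyPath = $forcelistKeys)

    foreach ($path in $KeyPath) {
        # A missing key simply means no force-install policy is set there.
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)

            # Policy value format: "<extension id>;<update URL>", the URL being optional.
            $id, $url = $data -split ';', 2
            $id = $id.Trim()

            [pscustomobject]@{
                Key            = $path
                ValueName      = $name
                ExtensionId    = $id
                UpdateUrl      = $url
                # Extension IDs are 32 characters drawn from a-p.
                WellFormedId   = $id -match '^[a-p]{32}$'
                # True when no URL is given (store default) or it is a known store endpoint.
                StoreUpdateUrl = (-not $url) -or ($storeUpdateUrls -contains $url.Trim())
            }
        }
    }
}

Get-ForcedExtension | Format-Table -AutoSize
```

On a machine that is not managed by an organization, any row returned here is worth reviewing, since these policy keys are normally empty or absent.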