1

A problem with Chrome extensions was raised in an earlier question: extension owners can sell their extension to another owner, who can then insert malicious code.

From a user's perspective, they may trust the initial owner and install an extension, only to find malicious code silently installed months later when the extension is automatically updated.

I would like to be notified whenever an extension owner changes for an extension I have installed, so I can re-appraise it. It would be a bonus if those extensions were disabled until manually re-enabled.

Is there an existing tool which would do that for me?

If not, is it feasible to create such a gadget, say as a locally installed Chrome extension, or a shell script/cron job?

user108903
  • 111
  • 4

1 Answers1

0

Ownership data could be scraped from the Chrome web store in order to track changes. With apologies for the shoddy code, here is such a scraper:

#!/usr/bin/env python3.8
import re, sys, urllib
from urllib.request import urlopen
from bs4 import BeautifulSoup

def processExtension(ext):
    print('EXT> ' + ext)
    crxbase = 'https://chrome.google.com/webstore/detail/'
    try:
        html = urlopen(crxbase + ext).read()
        soup = BeautifulSoup(html, 'html.parser');
        processSoup(soup)
    except urllib.error.HTTPError as err:
        print(err)
        pass


def processSoup(soup):
    for elem in soup('h1'):
        print ('TITLE> ' + elem.text)
    for elem in soup(text=re.compile(r'offered by')):
        if elem.parent.findChildren('a'):
            for ch in elem.parent.findChildren('a'):
                print ('OFFEREDBY> ' + ch.attrs['href'])
        else:
            print( 'OFFEREDBY> ' + re.sub( '^ offered by ', '', str(elem) ) )
    for elem in soup('a',text=re.compile(r'developer')):
        print ('DEVELOPER_EMAIL> ' + re.sub('^mailto:','', str(elem.attrs['href'])))
    for elem in soup('span',text=re.compile(r'Website')):
        print ('WEBSITE> ' + elem.parent.attrs['href'])


for line in sys.stdin:
    processExtension(line.strip())
    print()

Sample output:

$ ls "~/Library/Application Support/Google/Chrome/Default/Extensions/" | ./extensionowners.py
EXT> mokjkiliipanjhlfbpagnmlpihmaohde
TITLE> Netflix Classic
OFFEREDBY> https://www.clickerfornetflix.com
DEVELOPER_EMAIL> help@dbklabs.com
WEBSITE> https://www.clickerfornetflix.com

EXT> nhbmpbdladcchdhkemlojfjdknjadhmh
TITLE> Crosh Window
OFFEREDBY> Chromium OS Developers
DEVELOPER_EMAIL> chromium-os-dev@chromium.org
WEBSITE> https://chromium.googlesource.com/chromiumos/platform2/+/HEAD/crosh/


EXT> nmmhkkegccagdldgiimedpiccmgmieda
HTTP Error 404: Not Found


EXT> occjjkgifpmdgodlplnacmkejpdionan
TITLE> AutoScroll
OFFEREDBY> http://kaescripts.blogspot.com
DEVELOPER_EMAIL> pcxunlimited@gmail.com
WEBSITE> https://github.com/Pauan/AutoScroll


EXT> ofhbbkphhbklhfoeikjpcbhemlocgigb
TITLE> Web Server for Chrome
OFFEREDBY> http://chromebeat.com
DEVELOPER_EMAIL> graehlarts@gmail.com
WEBSITE> https://github.com/kzahel/web-server-chrome
user108903
  • 111
  • 4