Chrome Extensions

Overview

Evidence: Chrome Extensions Description: Collect Chrome Extensions Category: Applications Platform: linux Short Name: chrext Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

Chromium-based browser extensions extend functionality and can be abused for persistence, credential theft, tracking, or data exfiltration. Manifest metadata and permissions offer insight into capabilities and risk.

Data Collected

This collector gathers structured data about chrome extensions.

Collection Method

This collector discovers profile Preference files, parses extension configuration, locates each extension's manifest.json, copies artifacts to case content, and normalizes extension metadata (permissions, version, author, install time).

Forensic Value

Extension inventories help identify malicious or risky add-ons, correlate with browser activity, and detect persistence mechanisms. Permissions and update URLs aid threat hunting and attribution.