Audit and Remediation: Why Does the "Chrome Extensions" Query Return Results for Edge and Other Browsers?
search cancel

Audit and Remediation: Why Does the "Chrome Extensions" Query Return Results for Edge and Other Browsers?

book

Article ID: 290084

calendar_today

Updated On:

Products

Carbon Black Cloud Audit and Remediation (formerly Cb Live Ops)

Issue/Introduction

Why do Live Query results for the "Chrome Extensions" query include extensions from non-Chrome browsers?

Environment

  • Carbon Black Cloud Console: All Versions
  • Carbon Black Cloud Sensor: All Supported Versions

Resolution

  • The chrome_extensions table in osquery stores details for all Chromium-based browsers, like Edge, Brave, and Opera.
  • As a result, a query against this table will return extensions installed on any Chromium browsers on the endpoint, unless a WHERE clause is used to filter by browser_type. Example: 
    SELECT username,
DIRECTORY,
       shell,
       TYPE,
       name,
       VERSION,
       locale,
       update_url,
       author,
       persistent,
       PATH
FROM users
JOIN chrome_extensions USING (UID) WHERE browser_type = 'chrome';
Powered by Wolken Software