Chrome Extension Content Verification

Discussion in 'other software & services' started by AutoCascade, Mar 8, 2016.

  1. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    626
    Location:
    United States
    This would seem to be a good way to verify that the extension you have is what its supposed to be basically its signed. Its an option in Chrome flags.

    chrome://flags

    This flag can be used to turn on verification that the contents of the files on disk for extensions from the webstore match what they're expected to be. This can be used to turn on this feature if it would not otherwise have been turned on, but cannot be used to turn it off (because this setting can be tampered with by malware).
     
  2. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    359
    Interesting. Have you tried it? Did it break/disabled any extensions for you?
     
  3. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    626
    Location:
    United States
    No I've been running it on Chrome stable without a problem. I have it set to "Enforce Strict (hard fail if we can't get hashes). I have quite a few extensions too.
     
  4. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    I don't understand the part about not being able to turn it off...

    "This can be used to turn on this feature if it would not otherwise have been turned on, but cannot be used to turn it off (because this setting can be tampered with by malware)"

    How does a user turn it off? Via the drop down menu, reset to Default? If yes, then wtf do they mean by cannot be used to turn it off?
     
  5. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    626
    Location:
    United States
    I have a lot of flags set so I'm not going to experiment be resetting them all to default but it sounds like that would be the only way to turn it off - you couldn't just turn that one flag off is the way I interpreted it.

    If I get the time tomorrow I'll install chrome beta and try that out to see how it works as far as turning the flag off
     
  6. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    626
    Location:
    United States
    I just installed the dev version to test turning this flag on and off and I had no problem doing so I could change it to any of the options relaunch and it showed changed after the browser restarted.
     
  7. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    626
    Location:
    United States
    Sounds like a check in case you were infected and an extension was modified
     
  8. ballot

    ballot Registered Member

    Joined:
    Aug 19, 2016
    Posts:
    1
    Location:
    greece
    how exactly chrome extension verification works?

    i think they put public key in hardcoded exe and private key in chrome webstore?
    and they verify file hashes?
     
Loading...