Is ExtensionInstallForcelist automatically ignoring extensions that are not in CWS.

[Mindaugas Simukaitis]

For simplicity, let's say I have a registry value zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz in SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist, now let's say that that extension was reported and taken down by Google, but It was installed on my device before. Does chrome automatically disable/remove the reported extension for me?  I assume the registry value that points to an extension that was taken down means nothing and won't make chrome download the malicious extension again, but do I have to disable/remove the malicious extension myself? Will chrome even realize that I have a malicious extension if I don't provide the update URL that points to the update manifest after the 32 letter key? (https://support.google.com/chrome_webstore/answer/2811969?hl=en)

I've looked at this (https://support.google.com/chrome_webstore/answer/2811969?hl=en). This only talks about how some extensions might be disabled, but not when and how, and doesn't even show how it would look in the browser.

Boring backstory: I have a few computers with many extensions installed by using the ExtensionInstallForcelist registry key, now, I don't want to check online if all my extensions are not malicious before using chrome, does chrome do that for me automatically?

[koko nart]

សែងឃ្យូ

នៅ​ថ្ងៃទី អាទិត្យ 15 ឧសភា 2022, 18:58 Mindaugas Simukaitis <mindaugas...@gmail.com> បាន​សរសេរ​ថា៖

For simplicity, let's say I have a registry value zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz in SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist, now let's say that that extension was reported and taken down by Google, but It was installed on my device before. Does chrome automatically disable/remove the reported extension for me?  I assume the registry value that points to an extension that was taken down means nothing and won't make chrome download the malicious extension again, but do I have to disable/remove the malicious extension myself? Will chrome even realize that I have a malicious extension if I don't provide the update URL that points to the update manifest after the 32 letter key? (https://support.google.com/chrome_webstore/answer/2811969?hl=en)

I've looked at this (https://support.google.com/chrome_webstore/answer/2811969?hl=en). This only talks about how some extensions might be disabled, but not when and how, and doesn't even show how it would look in the browser.

Boring backstory: I have a few computers with many extensions installed by using the ExtensionInstallForcelist registry key, now, I don't want to check online if all my extensions are not malicious before using chrome, does chrome do that for me automatically?

--
You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/350b8a70-4d03-47d8-8a12-0a2c8fccad4cn%40chromium.org.