0

I'm writing an extension for enterprise environments that needs to detect if a user ever disables it. I know that you can detect the disabling of other extensions with chrome.management.onDisabled, but how does an extension detect when itself is disabled?

I was able to find an answer which uses chrome.runtime from a content script, but that's impossible if the user does not have any http/https websites open.

This is my current solution, where I use chrome.history to check if the extension was ever disabled:

chrome.history.onVisited.addListener((site) => {
  localStorage.lastActive = site.lastVisitTime;
});

if (!localStorage.lastActive) return;

chrome.history.search({text: "", maxResults: 1}, (data) => {
  let wasDisabled = data[0].lastVisitTime > localStorage.lastActive;
  console.log(wasDisabled);
  // if true, there was a history visit when the extension was turned off

  localStorage.lastActive = data[0].lastVisitTime;
})

Basically, the extension constantly checks if it was active the last time the user was browsing. Once it is turned on again, it will take action and realize whether it had been inactive.

However, I feel like this is just too hacky and inconsistent. If a user can clear their browser history, they can fool the extension.

I know that the Chrome API is vast and sometimes weird, so if anybody has knowledge of how you would detect this in a more consistent way, that would be highly appreciated. If having two separate extensions is truly the cleanest and most reliable answer, then I will do that.

derder56
  • 111
  • 1
  • 8
  • Is this an extension that spies on users? – Thomas Mueller Jan 22 '23 at 06:57
  • No, not sure why you would think that. It's for enterprise environments and is not supposed to be disabled. But there have been exploits recently allowing for this to happen. The goal is to find when this happens so that the enterprise can be alerted of it. – derder56 Jan 22 '23 at 07:17
  • Oh ok, you're talking about LTBEEF. I'm sure it's ok mention this exploit on SO because [Disable chrome extensions with bookmarklet (closed)](https://stackoverflow.com/a/75045183/19840875) from two weeks ago hasn't been deleted. – Thomas Mueller Jan 22 '23 at 07:59
  • "If having two separate extensions is truly the cleanest and most reliable answer, then I will do that." - What if a hacker first disables the extension that uses chrome.management to monitor activation/deactivation of other extensions, and then the main extension? – Thomas Mueller Jan 22 '23 at 08:04
  • You're not gonna believe this but I found LTBEEF (lol). Anyway the idea about the double-extension thing is that maybe the event listener would be called before the second extension is disabled. Javascript is single-threaded after all, so you can't disable two at once. – derder56 Jan 22 '23 at 08:09
  • ...although my history solution seems okay for now, in the sense that there won't be false positives and it would be really tough to avoid the check. – derder56 Jan 22 '23 at 08:12
  • So you want to install two extensions that both listen to `chrome.management.onDisabled` so they can monitor each other? Sounds like it might work. – Thomas Mueller Jan 22 '23 at 08:13
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/251316/discussion-between-derder56-and-thomas-mueller). <--- Don't know why this happened, must have misclicked lol. Anyway I will try that now. – derder56 Jan 22 '23 at 08:13
  • @ThomasMueller I tested it and it seems like the first one detects the second one being disabled no matter what. So I guess this is a solution, although one could argue that it's much less convenient than the history one. – derder56 Jan 22 '23 at 08:21
  • 2
    Note that "Javascript is singlethreaded" applies only to JS within one physical thread whereas each extension normally runs in its own separate physical process, so the user may make the bookmarklet disable both extensions repeatedly which may eventually succeed because `chrome` events are dispatched asynchronously via the main browser process. – wOxxOm Jan 22 '23 at 08:32
  • Ok, interesting, although I haven't been able to see that happening. I think I will stick with my history solution anyway. – derder56 Jan 22 '23 at 15:56

0 Answers0