New issue
Advanced search Search tips

Issue 916224 link

Starred by 4 users
Status: WontFix
Owner: ----
Closed: Jan 4
Cc:
atwilson@chromium.org
rdevlin....@chromium.org
pmarko@chromium.org
kathrelk...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Bug



Sign in to add a comment

Installing enterprise blocked extensions to enrolled chromebook

Reported by suressri...@stillwaterschools.org, Dec 18 
Chrome OS Version: <Version 67.0.3396.99 (Official Build) (64-bit)>
Chrome OS Platform: <10575.58.0 (Official Build) stable-channel auron_paine>
<b>Network info: <network, encryption type, router model (if known)></b>

Please specify Cr-* of the system to which this bug/feature applies (CrOS x86_64 10575.58.0).

Steps To Reproduce:
(1) Open chrome and search for "{Blocked application}.crx" where "Blocked Application" is what is blocked and you want to install
(2) Rename "{Blocked application}.crx" to "{Blocked application}.zip"
(3) Open with zip unpacker
(4) Extract
(5) Open manifest.json with Text
(6) Rename the application where you see short name and delete other identifications of the extension
(7) Go to chrome://extensions and enable developer mode
(8) On the top left click "Load unpacked extensions"
(9) Navigate to the extract folder where you edited the manifest.json and click open
(10) You have installed a enterprise blocked extension to enrolled chromebook

Expected Result: You can install any enterprise blocked extension to enrolled chromebook such as a vpn to unblock unwanted and blocked websites, inappropriate extensions, and games.

Actual Result: Three blocked extensions are running on an enrolled chromebook

How frequently does this problem reproduce? (Always, sometimes, hard to
reproduce?): Always

What is the impact to the user, and is there a workaround? If so, what is
it?: A user can install extensions that the enterprise does not want bringing unwanted and harmful extensions, themes, and apps to a enrolled chromebook.

Comment 1 by dtapu...@chromium.org, Dec 19

Components: Platform>Extensions Enterprise

Comment 2 by chchakrapani@chromium.org, Jan 3

Cc: kathrelk...@chromium.org
Labels: M-73
Status: Untriaged (was: Unconfirmed)
Able to use the blocked extension by loading it as an unpacked version.

Setup: 
1. Block the desired extension via cpanel.
2. Install app on chromebook - https://chrome.google.com/webstore/detail/chrome-extension-source-v/jifpbeccnghkjeaalbbjmodiffmgedin?hl=en 

Steps followed.
1. Enroll device.
2. Open a chrome app in webstore (in my case "Battlefield Wallpapers HD New Tab Themes")
3. Click on CRX icon -> Download as zip.
4. Extract downloaded zip file.
5. Open Chrome:extensions and enable Developer mode.
6. Load unpacked file by Navigating to the extract folder and click open.
7. Try to install same app via chrome webstore.

Results:
6. Extension loads the defined web page and opens a newtab with a wallpaper set.
7. " "Battlefield Wallpapers HD New Tab Themes" is blocked by the administrator."" message is shown.

Checked on Google Chrome(73.0.3644.0,11511.0.0)

Comment 3 by rdevlin....@chromium.org, Jan 4

Cc: pmarko@chromium.org rdevlin....@chromium.org atwilson@chromium.org
Status: WontFix (was: Untriaged)
Extension blocking works based on Extension ID, and this ID changes when loading an unpacked extension.  To prevent users from loading unpacked extensions, you should also disable developer tools (using the DeveloperToolsAvailability policy).

Sign in to add a comment