Google is Adding Force-Installed Extension Removal to the Chrome Cleanup Tool
Google Chrome includes a built-in utility called the Chrome Cleanup Tool that scans for and remove malware that injects ads or performs other unwanted behavior in Chrome. A problem, though, is that this tool does not allow the removal of Chrome extensions that are force-installed through Windows group policies.
This is about to change according to a Chrome source code commit, which has the description of “Update chrome_cleaner/chrome_utils to remove force-installed extensions.” According to this update, the Chrome Cleanup Tool will now be able to detect and remove force-installed extensions. It will, though, utilize a whitelist of Google extensions that should continue to be automatically installed.
Force-installed extensions are extensions that are automatically installed by Chrome without user interaction due to configured Windows group policies. These policies are legitimately used by administrators to prep the Chrome browser with extensions commonly used within their organization.
These policies can be added by creating the HKLMSOFTWAREPoliciesGoogleChromeExtensionInstallForcelist or HKCUSOFTWAREPoliciesGoogleChromeExtensionInstallForcelist Registry keys or through policy templates provided by Google.
For example, in the image below you can see a ExtensionInstallForcelist group policy that automatically downloads and installs the Grammarly extension in Chrome when the browser is started.
Unfortunately, malicious extension developers are also known to use these policies to force-install their extensions on Chrome users without their knowledge. To make matters worse, as these extensions are installed by group policies, Chrome will not allow users to remove them using normal means. Instead users need to modify the Registry to remove the policies.
For this reason, having this feature added to the Chrome Cleanup Tool is a welcome addition.
The Chrome Cleanup Tool
The Chrome Cleanup tool is a program created by Google that utilizes a malware detection and removal engine created by security software company ESET. This module goes by the internal name of “Chrome Protector” or “Chrome Cleanup”.
Chrome will routinely launch the tool, download the latest engine and definitions from ESET, and performs scans of the computer for unwanted programs. When it detects a program that can interfere with Chrome, it will prompt you to remove the detected infections as shown below.
Users can also force a scan of their computer by entering chrome://settings/cleanup in the browser’s address bar and pressing enter. This will bring them to a page that will allow you to initiate an immediate scan by clicking on the FIND button.
In past tests, the Chrome Cleanup Tool has not done a very good job detecting installed adware or malware that injects ads into Chrome. With that said, the ability to easily remove forced-install extensions brings an extra feature that is really needed.
Read the original article over at BleepingComputer.com.