GithubHelp home page GithubHelp logo

anthrax3 / chromegalvanizer Goto Github PK

View Code? Open in Web Editor NEW

This project forked from mandatoryprogrammer/chromegalvanizer

0.0 1.0 0.0 2.19 MB

Harden your Chrome browser via enterprise policy.

License: MIT License

JavaScript 14.58% HTML 2.21% Vue 83.20%

chromegalvanizer's Introduction

icon Chrome Galvanizer

Click here for the hosted version (no setup required)

Summary

Chrome Galvanizer is a tool to generate Chrome enterprise policies to help users harden their browser security. Currently, the main support is for generating policies to restrict extension access from sites explicitly marked as sensitive (e.g. your email, bank, cryptocurency, and other sites). This allows you to prevent extensions from accessing these specific sites even if you've already granted them permission to do so when first installing them.

What does this protect against?

This protects from hijacked extensions with backdoored updates and against extensions that have been exploited due to a security vulnerability in their code.

One good example of the former type of attack this protects against is the case of the MEGA Chrome extension getting hacked. Basically, the account which publishes the MEGA extension likely was phished, the result being that a backdoored extension update was pushed out to all extension users (millions). Per MEGA's statement the extension keylogged and stole “credentials for sites including amazon.com, live.com, github.com, google.com (for webstore login), myetherwallet.com, mymonero.com, [and] idex.market.”

Using Chrome Galvanizer, you can protect yourself from attacks like this by specifying specific sites that one or all of your extensions can no longer access. For the MEGA case, if users had created a policy restricting access for the MEGA extension to access amazon.com, live.com, github.com, google.com, myetherwallet.com, mymonero.com, and idex.market then they'd be protected from the attack.

You can even configure policies that only allow an extension to access a specific whitelist of sites instead of just blacklisting sensitive ones. This is useful if you have an extension you want to use for a set of sites but not the rest of the web. Of course, you can also layer these policies to get even better results.

Tools

This is a SPA written in Vue with vue-cli.

Project setup

npm install

Compiles and hot-reloads for development

npm run serve

Compiles and minifies for production

npm run build

Lints and fixes files

npm run lint

Customize configuration

See Configuration Reference.

chromegalvanizer's People

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.