VULNERABILITY DIGEST FROM ACTION1

Patch Tuesday and third-party updates | This Wednesday | 12 PM EST / 6 PM CET

Action1 5 Blog 5 Finding LastPass Instances Installed as Chrome Extensions

Finding LastPass Instances Installed as Chrome Extensions

January 3, 2023

By Mike Walters

After the recent major security breach at LastPass, this question started coming up more and more often: how do I find all the installs of LastPass on my users’ computers? Some companies want to migrate away from LastPass to another (not yet compromised) password manager, while others want to educate their users to adopt stronger master passwords.

Anyway, it turns out that most users don’t install LastPass as a Windows application and use it as a browser extension instead. Therefore it’s not detected by most RMMs as an installed application. You get a false sense of very low adoption of LastPass among your user base.

The following script was developed to find all Google Chrome extensions installed by all computer users. It will last LastPass among them if it is installed. You can add this script to your Action1 script library or use your existing RMM, if you don’t have Action1 yet. Shameless plug: Action1 is free for your first 100 endpoints 🙂

###########

$username = Get-ChildItem c:\users -Directory -Exclude ‘*Public*’, ‘*Default*’

$Chromeextensions = Foreach ($user in $username)
{
if ( Test-Path “C:\Users\$($user.name)\AppData\Local\Google\Chrome\User Data\Default\Extensions” )
{
$checks = get-childitem -Path “C:\Users\$($user.name)\AppData\Local\Google\Chrome\User Data\Default\Extensions” -Directory -Exclude ‘nmmhkkegccagdldgiimedpiccmgmieda’, ‘mhjfbmdgcfjbbpaeojofohoefgiehjai’, ‘pkedcjkdefgpdelpbcmbmeomcjbeemfm’, “Temp” -Verbose -ErrorAction stop
}
else
{
$Title = Write-Output “no extensions found”
}
Foreach ($check in $checks)
{

$url = “https://chrome.google.com/webstore/detail/” + $($check.name) + “?hl=en-us”

$WebRequest = Invoke-WebRequest -Uri $url -ErrorAction Stop -UseBasicParsing
$title = $WebRequest -match ‘<title>(?<titleText>.*?)</title>’
$capturedText = $Matches[‘titleText’]

if ($WebRequest.StatusCode -eq 200) {

# Get the HTML Page Title but remove ‘ – Chrome Web Store’
if (-not([string]::IsNullOrEmpty($capturedText))) {

$ExtTitle = $capturedText
if ($ExtTitle -match ‘\s-\s.*$’) {
$Title = $ExtTitle -replace “‘\s-\s.*$’,”
$extType = ‘ChromeStore’

} else {
$Title = $ExtTitle
}
}

[PSCustomObject][Ordered]@{
Title = $Title
User = $User
}
}
}
}

$result = New-Object System.Collections.ArrayList;

$i = 0;

$Chromeextensions | ForEach-Object {
$currentOutput = “” | Select-Object Title, User, A1_Key;
$currentOutput.Title = $_.Title;
$currentOutput.User = $_.User;
$currentOutput.A1_Key = $i;

$result.Add($currentOutput) | Out-Null;
$i++;
}

$result;

See What You Can Do with Action1

 

Join our weekly LIVE demo “Patch Management That Just Works with Action1” to learn more

about Action1 features and use cases for your IT needs.

 

spiceworks logo
getapp logo review
software advice review
trustradius
g2 review
spiceworks logo

Related Posts

6-Step Patch Management Process

Regular patching is essential for protecting your endpoints from cyberthreats, it is a well-known fact that hackers often exploit unpatched vulnerabilities in order to penetrate...

read more