App Idea Cards 2026-06-11

ExtDrift

A CLI scanner that versions every installed browser extension's permission manifest, detects silent expansions after auto-updates and ownership transfers, and blocks the extension from running until a security engineer clears it.

Problem

Chrome updates every installed extension in the background. For a user-installed extension, an update that adds permissions carrying a new warning does disable it until the user accepts, but that is the only guardrail: force-installed enterprise extensions are granted new permissions automatically, an added host or API that falls within warnings already shown draws no prompt, a publisher change is never surfaced, and a payload change with no manifest change at all installs instantly with no user prompt, no admin alert, and no audit trail. The December 2024 supply chain attack that compromised 36 extensions and exposed 2.6 million users, and the February 2026 QuickLens ownership-transfer attack, both exploited this gap: malicious code was running for hours before any user had a signal that something had changed. Enterprise MDMs can blocklist extensions by ID, and Chrome's ExtensionSettings policy can deny a fixed list of permissions, but neither baselines the permission set per version or alerts when a trusted extension acquires <all_urls> access in an update. The permission surface of every installed extension on a company laptop is functionally unmonitored.

Target user

DevSecOps and endpoint security engineers at companies with 50–5,000 seats who maintain a browser extension allow-list and need continuous assurance that approved extensions have not drifted since approval. JTBD: "Tell me the instant a browser extension our team is running changes its permission surface — before the malicious payload has been active for 24 hours." Secondary: individual power users and security researchers who want the same signal on their own machines.

MVP scope

  • Enrollment snapshot: on first run, enumerates all installed Chrome and Edge extensions, reads each one's manifest.json from the profile's Extensions directory (Chrome keeps the unpacked files under <profile>/Extensions/<id>/<version>_0/), and writes a signed baseline recording extension ID, version, publisher (taken from the Web Store listing, since the manifest does not carry it), declared permissions, host permissions, and content-script match patterns.
  • Drift scan: re-runs on a cron schedule or on demand, diffs the live manifest against the baseline as normalized sets rather than text, and flags three event types: permission expansion (a new API permission, or a host pattern the baseline did not already cover), developer transfer (publisher change), and version-without-manifest-delta (a new version whose declared permission surface is unchanged; this is exactly how the December 2024 payloads shipped, so it is reported for review rather than treated as benign).
  • Block mode: writes an ExtensionSettings policy entry that sets the drifted extension to "installation_mode": "blocked" (a JSON file under /etc/opt/chrome/policies/managed/ on Linux, the registry on Windows, a managed plist on macOS), which Chrome applies to the already-installed copy, until a human runs ext-drift approve <ext-id>, which commits the new baseline entry and lifts the block.
  • Report output: human-readable --report flag, SARIF output for GitHub code scanning, and a webhook POST compatible with Slack and PagerDuty.
  • Headless CI mode: ext-drift scan --ci exits non-zero and emits SARIF when any enrolled extension has drifted from its approved baseline — usable as a GitHub Actions step or endpoint security pipeline gate.

Monetization

Freemium. ExtDrift CLI is MIT-licensed and free. ExtDrift Team at $8/seat/month or $49/month flat for up to 20 seats: a cloud dashboard aggregating drift events across all enrolled machines, a per-extension version and permission timeline, and centralized Slack/PagerDuty webhooks rather than per-device alerts. ExtDrift Enterprise at $299/month for up to 100 seats: SAML SSO, an org-wide approved-manifest registry, MDM export for Intune and Jamf, and a quarterly audit-ready PDF showing extension coverage and all drift events resolved or waived.

Why now

The December 2024 Cyberhaven supply chain attack — 36 extensions compromised, 2.6 million users exposed, Facebook credential harvesting running silently until disclosed on January 3, 2025 — established silent extension updates as a proven enterprise attack surface. The February 2026 QuickLens incident confirmed the ownership-transfer variant: new developer, silent update, malicious payload before a single user saw a change. CVE-2026-7952, patched in Chrome 148 in May 2026, showed that even policy-compliant extensions can silently escalate privileges via the declarativeNetRequest API. A 2026 audit of enterprise browser fleets found that 31% of extensions exhibited problematic behavior within 30 days of an ownership transfer — yet mainstream EDRs and MDMs still treat extension IDs as static identifiers rather than versioned, permission-tracked assets. As browser extensions deepen into AI-assistant workflows (Gemini Panel, Copilot sidebar), the blast radius of a single compromised extension grows considerably.

Risks & open questions

  • Publisher lookups go through Web Store listing pages, which are not a stable API and may rate-limit bulk fetches across a large fleet; manifests should come from the local profile directory or an unpacked CRX so the core scan never depends on the store.
  • Manifest JSON can reorder permissions, repeat entries, or (in an MV2-to-MV3 migration) move host patterns from permissions to host_permissions without semantic change, and a baseline that already holds <all_urls> cannot be broadened by a narrower pattern; the diff has to compare normalized sets, not lines, or every benign update becomes a false positive.
  • Cross-browser parity: Firefox uses a different extension model; the MVP targets Chrome and Edge only, with Firefox as phase two.
  • Enterprise block mode requires the machine to accept Chrome enterprise policy, and the block entry has to win against any other ExtensionSettings source (cloud or MDM-pushed), since dictionary policies from different sources replace rather than merge by default; this limits the SMB TAM to orgs already running Chrome enterprise management.
  • Demand-side risk: security teams may deprioritize if they believe Chrome Web Store review is sufficient — but the December 2024 incident passed through Web Store review and still compromised 36 extensions.
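A sketch of the enrollment-snapshot and drift-scan diff described under MVP scope, and of the set-based comparison the semantic-diffing risk above calls for, as an added example in Go that is not ExtDrift code: the sample manifests, the extension ID and the publisher names are constructed, Snap, surface and Diff are hypothetical names, and match-pattern containment is reduced to recognising the well-known all-host patterns.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Manifest holds the MV3 manifest.json fields ExtDrift would baseline. Chrome keeps the
// unpacked manifest on disk under <profile>/Extensions/<id>/<version>_0/, so it reads locally.
type Manifest struct {
	Version         string   `json:"version"`
	Permissions     []string `json:"permissions"`
	HostPermissions []string `json:"host_permissions"`
	ContentScripts  []struct{ Matches []string `json:"matches"` } `json:"content_scripts"`
}

// Snapshot is one baseline or live entry; Publisher is assumed to come from the Web Store listing.
type Snapshot struct {
	ID, Publisher string
	Manifest      Manifest
}

// Event is one drift finding; Kind is one of the three MVP event types.
type Event struct{ Kind, Detail string }

// Simplification: real match-pattern containment needs a parser; only all-host forms are special-cased.
var allHosts = map[string]bool{"<all_urls>": true, "*://*/*": true, "http://*/*": true, "https://*/*": true}

// surface collapses every permission-bearing field into an API set and a host set, so that
// ordering and duplicates never register as drift and content-script matches count as host reach.
func surface(m Manifest) (api, hosts map[string]bool) {
	api, hosts = map[string]bool{}, map[string]bool{}
	for _, p := range m.Permissions {
		api[p] = true
	}
	for _, p := range m.HostPermissions {
		hosts[p] = true
	}
	for _, cs := range m.ContentScripts {
		for _, p := range cs.Matches {
			hosts[p] = true
		}
	}
	return api, hosts
}

// added returns members of cur absent from base, sorted for stable reports.
func added(base, cur map[string]bool) (out []string) {
	for p := range cur {
		if !base[p] {
			out = append(out, p)
		}
	}
	sort.Strings(out)
	return out
}

// Diff compares a live snapshot against its approved baseline and returns zero or more events.
func Diff(base, cur Snapshot) (events []Event) {
	if base.Publisher != cur.Publisher {
		events = append(events, Event{"developer_transfer", base.Publisher + " -> " + cur.Publisher})
	}
	bAPI, bHosts := surface(base.Manifest)
	cAPI, cHosts := surface(cur.Manifest)
	for p := range bHosts {
		if allHosts[p] { // a baseline that already reaches every host cannot be broadened
			cHosts = nil
		}
	}
	expanded := append(added(bAPI, cAPI), added(bHosts, cHosts)...)
	for _, p := range expanded {
		events = append(events, Event{"permission_expansion", p})
	}
	// A version bump with an unchanged permission surface is how the December 2024 payloads
	// shipped, so it is reported as a review item rather than passed silently.
	if base.Manifest.Version != cur.Manifest.Version && len(expanded) == 0 {
		events = append(events, Event{"version_without_manifest_delta", base.Manifest.Version + " -> " + cur.Manifest.Version})
	}
	return events
}

// Snap parses one manifest into a Snapshot; malformed JSON is a hard error here.
func Snap(id, publisher, raw string) Snapshot {
	var m Manifest
	if err := json.Unmarshal([]byte(raw), &m); err != nil {
		panic(err)
	}
	return Snapshot{ID: id, Publisher: publisher, Manifest: m}
}

// Constructed sample manifests (not real extensions): an approved baseline, a reordered copy,
// a code-only version bump, and an update that changes owner and reaches every host.
const (
	baseJSON      = `{"version":"1.4.0","permissions":["storage","tabs"],"host_permissions":["https://app.example.com/*"]}`
	reorderedJSON = `{"version":"1.4.0","permissions":["tabs","storage"],"host_permissions":["https://app.example.com/*"]}`
	bumpJSON      = `{"version":"1.4.1","permissions":["tabs","storage"],"host_permissions":["https://app.example.com/*"]}`
	driftedJSON   = `{"version":"1.5.0","permissions":["tabs","storage","cookies"],"host_permissions":["<all_urls>"],"content_scripts":[{"matches":["<all_urls>"],"js":["c.js"]}]}`
)

func main() {
	const id = "abcdefghijklmnopabcdefghijklmnop" // hypothetical 32-character extension ID
	base := Snap(id, "Example Labs", baseJSON)
	for _, live := range []Snapshot{Snap(id, "Example Labs", reorderedJSON), Snap(id, "Example Labs", bumpJSON), Snap(id, "New Owner Ltd", driftedJSON)} {
		fmt.Printf("v%s: %v\n", live.Manifest.Version, Diff(base, live))
	}
}
```

Running it reports no events for the reordered manifest, one version_without_manifest_delta event for the code-only bump, and three events for the drifted update (the publisher change, the new cookies permission, and the new <all_urls> host reach). A real scanner would additionally hash the unpacked files so a version bump can be shown as the concrete files that changed, and would turn a non-empty event list into an ExtensionSettings entry of the form {"<id>": {"installation_mode": "blocked"}} for block mode.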

Next step

Promote to weekly prototype: build the enrollment and drift-scan loop in Go with a local SQLite baseline and a --report flag; validate the diff by replaying the last clean and first compromised versions of the 36 extensions from December 2024 and confirming each one produces an event.
