Removal of LastPass Chrome extension for all
Due to the latest LastPass breach we want to remove all instances of the LastPass Chrome extension. LastPass isn't approved for use, but we found several systems that have it installed and are looking for the most efficient way for our admins to get it removed from the various users' systems. Any suggestions? We have BigFix, PowerShell, and GPO.
The LastPass extension ID is - hdokiejnpimakedhajhdlcegeplioahd
It looks like LastPass creates a directory in:
C:\Users\YOUR USER NAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
And the only registry entry found at this point is:
HKEY_USERS\S-1-5-21-2781008914-XXXXXXXX-XXXXXXXX-6137\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings
It doesn't appear to create anything in the following, which was surprising:
\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\Extensions\
https://security.stackexchange.com/questions/66239/how-to-prevent-installation-of-google-chrome-extensions#:~:text=Go%20to%20Computer%20Configuration%20%3E%20Administrative,prevent%20users%20from%20installing%20plugins.
Seems overkill to me. If anything, you should have an allow list for extensions instead of a block list.
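An added example, not part of the thread and not any poster's code: a PowerShell sketch that inventories the extension across every user and Chrome profile on a machine, then adds the ID from the question to Chrome's `ExtensionInstallBlocklist` policy, which disables an already installed extension and prevents reinstallation. It assumes the standard machine policy key under `HKLM:\SOFTWARE\Policies\Google\Chrome`, user profiles under `C:\Users`, and an elevated session; the function names are hypothetical.

```powershell
# Added example (not from the thread). Run elevated, e.g. as a BigFix action.
$ExtensionId = 'hdokiejnpimakedhajhdlcegeplioahd'   # LastPass ID given in the question
$PolicyKey   = 'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallBlocklist'

function Find-ChromeExtension {
    param([string]$Id, [string]$UsersRoot = 'C:\Users')   # assumed profile root
    # Check every Chrome profile (Default, Profile 1, ...) of every local user,
    # not only the Default profile path shown in the question.
    Get-ChildItem -Path $UsersRoot -Directory -ErrorAction SilentlyContinue | ForEach-Object {
        $user     = $_.Name
        $userData = Join-Path $_.FullName 'AppData\Local\Google\Chrome\User Data'
        if (Test-Path $userData) {
            Get-ChildItem -Path $userData -Directory | ForEach-Object {
                $extDir = Join-Path $_.FullName "Extensions\$Id"
                if (Test-Path $extDir) {
                    [pscustomobject]@{ User = $user; Profile = $_.Name; Path = $extDir }
                }
            }
        }
    }
}

function Add-ChromeBlocklistEntry {
    param([string]$Id, [string]$Key)
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    $item  = Get-Item -Path $Key
    # Chrome list policies are string values named 1, 2, 3, ...
    $names = @($item.GetValueNames() | Where-Object { $_ -match '^\d+$' })
    foreach ($n in $names) {
        if ($item.GetValue($n) -eq $Id) { return 'already-present' }   # keep it idempotent
    }
    $next = 1
    if ($names.Count -gt 0) {
        $next = [int](([int[]]$names | Measure-Object -Maximum).Maximum) + 1
    }
    New-ItemProperty -Path $Key -Name "$next" -Value $Id -PropertyType String | Out-Null
    return "added-as-$next"
}

# Report where the extension is present, then enforce the block.
$found = @(Find-ChromeExtension -Id $ExtensionId)
$found | Format-Table -AutoSize
$state = Add-ChromeBlocklistEntry -Id $ExtensionId -Key $PolicyKey
"Installs found: $($found.Count); blocklist entry: $state"
```

On domain-joined machines the same policy is normally set through GPO with the Chrome ADMX templates rather than written locally, since Group Policy refresh can replace local values under the Policies key.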