[revicon]

If you're on a mac, you can list all the IDs of your installed browser extensions across all your profiles like this...

  find "$HOME/Library/Application Support/Google/Chrome" \
    -type d -path "*/Extensions/*" -not -path "*/Extensions/*/*" \
    -print 2>/dev/null | sed 's#.*/Extensions/##' | sort -u

Compare to the list of bad extensions. I stuck a stripped down list here...

  https://www.sfbaylabs.org/files2/2026-02-11/chrome_extensions_exfiltrating_history.txt

[revicon]

Here's a one-shot script that does the compare for you, in case it's helpful...

  https://www.sfbaylabs.org/files2/2026-02-11/bad_browser_extension_check_osx.sh

You can run it directly if you cut/paste this in your mac terminal...

  curl -fsSL https://www.sfbaylabs.org/files2/2026-02-11/bad_browser_extension_check_osx.sh | bash

[amalter]

Is there any irony in a thread on browser malware that includes a "please run this bash script blind"?

Not that I don't trust you, but between now and when someone stumbles on this thread, your domain could expire and I could publish something crazy at that url.

[revicon]

This is why I put the raw url to the script first in my comment. Downloading the script file, doing a chmod +x and then a ./script.sh to execute it is daunting for some.

But I'll add a caveat to my original comment as well.

edit: Looks like I can't edit my original comment anymore.