[sandinmyjoints]

> Preliminary results revealed that 5% of people accessing Google every day have been caught out by at least one malicious extension.

How might they have detected what extensions are installed in their visitor's browsers?

Is there a way to enumerate installed extensions?

http://browserspy.dk/ and https://panopticlick.eff.org/ detect plugins, but those aren't the same as extensions.

[kuschku]

Google probably compares all the JS and HTML of the resulting page in-browser with the code that they originally delivered, allowing them to see if an extension or userscript manipulated it.

[fragmede]

The article mentions Google was involved in the research, so they just went by the number of downloads of malware extensions on their store.