Check if user has a third party Chrome extension installed

by

Assuming you need it from a website

connect/message method implies that the extension specifically listed your website in the list of origins it expects connection from. This is unlikely unless you wrote this extension yourself, as this cannot be a wildcard domain.

Referring to files within the extension from web context will return 404 simulate a network error unless the extension declared them as web-accessible. This used to work before 2012, but Google closed that as a fingerprinting method – now extensions have to explicitly list resources that can be accessed. The extension you specifically mention doesn’t list any files as web-accessible, so this route is closed as well.

chrome.management is an extension API; websites cannot use it at all.

Lastly, if an extension has a content script that somehow modifies the DOM of your webpage, you may detect those changes. But it’s not very reliable, as content scripts can change their logic. Again, in your specific case the extension listens to a DOM event, but does not anyhow make clear the event is received – so this route is closed.

Note that, in general, you cannot determine that content script code runs alongside yours, as it runs in an isolated context.

All in all, there is no magic solution to that problem. The extension has to cooperate to be discoverable, and you cannot bypass that.

Assuming you need it from another extension

Origins whitelisted for connect/message method default to all extensions; however, for this to work the target extension needs to listen to onConnectExternal or onMessageExternal event, which is not common.

Web-accessible resources have the same restrictions for access from other extensions, so the situation is not better.

Observing a page for changes with your own content script is possible, but again there may be no observable ones and you cannot rely on those changes being always the same.

Similar to extension-webpage interaction, content scripts from different extensions run in isolated context, so it’s not possible to directly “catch”code being run.

chrome.management API from an extension is the only surefire way to detect a 3rd party extension being installed, but note that it requires "management" permission with its scary warnings.

More Related Contents:

  1. How can I get the current Crome URL?
  2. Chrome extension that enables chatting with users on same page [closed]
  3. Persistent Service Worker in Chrome Extension
  4. How to wait until an element exists?
  5. How to import ES6 modules in content script for Chrome Extension
  6. Chrome extension: How to save a file on disk
  7. Chrome Extension: Port error: Could not establish connection. Receiving end does not exist.
  8. Unchecked runtime.lastError while running tabs.executeScript?
  9. Contexts and methods for communication between the browser action, background scripts, and content scripts of chrome extensions?
  10. How do I auto-reload a Chrome extension I’m developing?
  11. Chrome Extension: Get Page Variables in Content Script
  12. Upload File as a Form Data through chrome extension
  13. saving and retrieving from chrome.storage.sync
  14. How do I send an HTTP GET request from a Chrome extension?
  15. Completely lost on how to save extension popup window content
  16. Is there a way to uniquely identify an iframe that the content script runs in for my Chrome extension?
  17. How to make side panel in chrome extension?
  18. Does extension messaging like chrome.runtime.sendMessage internally use JSON.stringify?
  19. google chrome extension :: console.log() from background page?
  20. Can I prevent an alert() with a Google Chrome Extension
  21. How can I save information locally in my chrome extension?
  22. How to get the currently opened tab’s URL in my page action popup?
  23. How to get errors stack trace in Chrome extension content script?
  24. How do I send an HTTP request from a Chrome extension?
  25. Pass a variable from content script to popup
  26. Prevent window.open from focusing
  27. Associate a custom user agent to a specific Google Chrome page/tab
  28. How to clear chrome.storage.local and chrome.storage.sync?
  29. Can a website block a Chrome Extension? [duplicate]
  30. Where are cookies saved for a local HTML file?

Leave a Comment