1. To start, you're going to want to reset your chrome device to factory settings. If your chrome device is not managed or does not forbid this feature, use the Powerwash tool by signing out of your profile and then pressing Ctrl + Alt + Shift + r.
If your chrome device has this feature forbidden, then enter the recovery boot by pressing Esc + ↺ + ⏻ (refresh and power) and then pressing Ctrl + D to enter developer mode. If Developer Mode is blocked, continue with clearing your data. If you are presented with a screen that says "OS Verification is OFF", press Enter and then clear your data.
Once your data has been cleared, continue signing into your user profile. Fill out the Enterprise Enrollment screen if applicable.
After logging into your profile, navigate to chrome://extensions and open the Task Manager. Wait for the enforcement extension to load in and then wait about 5 seconds. Press Esc + ↺ + ⏻. If the recovery dialog shows, press ⏻ to turn off your chrome device and then press ⏻ again to turn it back on after about a second.
WARNING: This process clears all data including your network settings. If you do not know your network settings or credentials, only delete your user profile and do not reset your chrome device.
Repeat this process until you can see that your enforcement extension has been corrupted. This will be evident by the extension showing a default/missing icon.
If there is an extension that has been corrupted that you still wish to use, navigate to chrome://extensions again and then look for the extension that you are trying to recover. It will have a default icon and should show the message "This extension may have been corrupted." Under that message, press the "Repair" button.
Your exploited chrome device will stay in this state until you delete your user profile, update all extensions or the enforcement extension has a new version.
Notes:
If the exploit fails more than 5 times, please delete your user profile and try again. If the extension loads even when Wi-Fi is off after your first login, even though there is not enough time to download the extension again, the extension may be resident in the system cache. In this case you have no choice but to powerwash/reset to factory settings.
This guide is purely for instructional purposes. If you choose to follow it on a chrome device that you do not own, there is no guarantee that your organization will not take action against you. Tread wisely.
You should be aware that it is unpredictable when the extension will be restored by updates. It is a good idea to use a browser that lives in its own app so that (a) no history is recorded, and (b) the enforcement platform does not have data on the tabs you have open at the time when it is restored. While this page cannot recommend a specific app to use for this, you can search the chrome web store for "browser" and then select "Apps" on the sidebar. Make sure you independently verify the code of the app you choose to use to make sure it is not recording or sending home any of your browsing data or injecting untrusted scripts into your pages. If your organization blocks the install of extensions or has blacklisted the app you choose to use, this unfortunately is not an option. There is no known way to bypass chrome policies at this point.
The keys to use on a chromebox or chromebit are the function row keys on your keyboard.
If you know of any exploits, please report them even if they have the same effect. You can send your exploits to fistonal at protonmail dot com. Your information will be kept confidential but if you would like credit, please include that in your email. If you wish, you can encrypt your email with the key found at https://keybase.io/tylerhoban.
GitHub may take down this page; there is a mirror on Telegram at https://t.me/ChromeExpoit