Commit 0d189413 authored by Lenny Vaknine

Update browser extensions guidance on Other Apps page to reflect allowlist model

parent c2335273
+2 −25
@@ -40,23 +40,9 @@ Shut off interest based ads by setting your preferences.

### Browser extensions

In general, if a particular application or browser extension (sometimes called a plugin) is referenced in the handbook, it is considered "approved".
For example, [1Password](/handbook/security/corporate/systems/1password/) is centered around the browser extension.
Another application is [Zoom](/handbook/tools-and-tips/#zoom), which has a scheduler extension.
However, be sure to search for specific information about the application.
Browser extensions on GitLab-managed devices are managed using an allowlist model. Only extensions that have been reviewed and approved by Corporate Security may be installed. All other extensions are blocked by default.

If you wish to use an extension not referenced in the handbook, consider the following before installing and using it:

- The extension should be work-related and help your overall productivity.
- The extension should be available from a reputable source, such as the browser's library of approved extensions.
- Ask. Feel free to ask your co-workers about good extensions, and if you have security or privacy concerns about an extension, ask the security team in #security on Slack.

Some browser extensions are listed below

#### Adblockers

Adblockers are browser extensions that can block advertising, prevent user tracking, and include other security-related features.
A popular one recommended by the Security Team is [uBlock Origin](https://github.com/gorhill/uBlock/) which can be installed for [Chrome](https://chromewebstore.google.com/detail/ublock-origin-lite/ddkjiahejlhfcafbddmgiahcphecmpfh) (uBlock Origin Lite).
For an up-to-date list of extensions approved vs blocked, including how to request a new extension and related policies, please visit our [internal docs](https://corpsecdevices-gitlab-io-a3d14d.gitlab.io/Policies/Chrome/Approved_Extensions/).

#### One Tab

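Review bot: Removing the lead-in "Some browser extensions are listed below" together with the "#### Adblockers" subsection leaves the surviving "#### One Tab" subsection (and the ones after it) with no introduction; the new allowlist paragraph runs straight into a list of specific extensions. Suggest keeping a one-line transition above "#### One Tab", for example "Some approved extensions are described below", so readers understand these are examples from the allowlist. Also note that the new pointer for the approved vs blocked list is a GitLab Pages host (corpsecdevices-gitlab-io-a3d14d.gitlab.io); since this handbook page is public, it would help to say "internal docs (requires GitLab team member access)" so external readers know why the link does not resolve for them, and to keep a short mention of the request process ("how to request a new extension") in the paragraph itself rather than only behind the link.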
@@ -73,15 +59,6 @@ This is particularly useful for testing with different users in the same browser
If you would like to receive daily notifications on newly opened issues, the Chrome extension [RSS Feed Reader](https://chrome.google.com/webstore/detail/rss-feed-reader/pnjaodmkngahhkoihejjehlcdlnohgmp) is an excellent tool for accomplishing this task.
After installing the extension, access the project page you are interested in following, under the project issues click on the "Subscribe to RSS feed" button which you can find in the top right corner of the page.

### Flash (do NOT use)

**Flash**: Due to security flaws, we strongly recommend *not* using Adobe Flash.
Certainly do not install it on your local machine.
But even the Google Chrome plugin that lets you see embedded Flash content in websites can pose a security hazard.
If you have not already, go to your [Chrome Flash Settings](chrome://settings/content/flash) and disable Flash.
For further context, note that [Google Chrome is removing Flash support soon](https://web.archive.org/web/20230128093704/https://nakedsecurity.sophos.com/2016/05/18/yet-more-bad-news-for-flash-as-google-chrome-says-goodbye-sort-of/), and while the [plugin is better than a local install of Flash](https://security.stackexchange.com/questions/98117/should-flash-be-disabled-or-are-sandboxes-secure-enough),
it still leaves vulnerabilities for [zero-day attacks](https://en.wikipedia.org/wiki/Zero-day_vulnerability).

### Prototyping in the browser

Sometimes you only need to capture small textual or visual changes in a web page as part of a bug report or a feature proposal.
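Review bot: The commit message covers only the browser extensions change, but this hunk also deletes the entire "### Flash (do NOT use)" section; the removal is defensible given the section's own statement that Chrome was dropping Flash support, but it should be called out in the commit message, and the author should check that nothing else in the handbook links to the old "Flash (do NOT use)" heading anchor, since that link would now break silently. If the intent is that Flash is simply covered by the allowlist model (not on the allowlist, so blocked), a single sentence saying so in the new allowlist paragraph would preserve the guidance without the dated links.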