
Summary
This detection rule targets modifications to the Windows registry keys that hold Chrome's Extension Install Allowlist policy. Changes to these keys may indicate an attempt to bypass Chrome's extension controls or to install unapproved extensions, which points to a security policy violation or malicious activity around Chrome extension configuration. The rule uses Sysmon EventID 13 (RegistryEvent, value set) to monitor writes to these registry paths and capture anomalous registry activity tied to the Chrome extension policies. The underlying search reports the event count, the timing of the events, and the attributes of the registry modifications, giving analysts the context to triage the alert and investigate potential browser hijacking.
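Added example, not the rule's own search: the same detection logic in Python over constructed Sysmon Event ID 13 records. It assumes Sysmon's standard field names (TargetObject, Details, Image, User, Computer, UtcTime) and the Chrome policy key Software\Policies\Google\Chrome\ExtensionInstallAllowlist, which the summary above does not spell out.

```python
import re
from collections import defaultdict

# Sysmon Event ID 13 is RegistryEvent (Value Set). Chrome reads ExtensionInstallAllowlist
# from Software\Policies\Google\Chrome in the machine or user hive; each allowlisted
# extension ID is a numbered string value under that key, so both hives are matched.
ALLOWLIST_KEY = re.compile(
    r"\\Software\\Policies\\Google\\Chrome\\ExtensionInstallAllowlist(\\|$)", re.IGNORECASE)

# Constructed sample events (not real telemetry) using Sysmon's field names.
# The 32-character "Details" values stand in for extension IDs; they are placeholders.
SAMPLE_EVENTS = [
    {"EventID": 13, "UtcTime": "2026-01-12 09:14:02.117", "Computer": "WS01",
     "Image": "C:\\Windows\\regedit.exe", "User": "CORP\\jdoe",
     "TargetObject": "HKLM\\SOFTWARE\\Policies\\Google\\Chrome\\ExtensionInstallAllowlist\\1",
     "Details": "a" * 32},
    {"EventID": 13, "UtcTime": "2026-01-12 09:14:05.903", "Computer": "WS01",
     "Image": "C:\\Windows\\regedit.exe", "User": "CORP\\jdoe",
     "TargetObject": "HKLM\\SOFTWARE\\Policies\\Google\\Chrome\\ExtensionInstallAllowlist\\2",
     "Details": "b" * 32},
    # Same policy key in a user hive, written by a script host on another machine.
    {"EventID": 13, "UtcTime": "2026-01-12 11:40:51.000", "Computer": "WS02",
     "Image": "C:\\Windows\\System32\\wscript.exe", "User": "CORP\\svc-build",
     "TargetObject": "HKU\\S-1-5-21-1-2-3-1001\\Software\\Policies\\Google\\Chrome"
                     "\\ExtensionInstallAllowlist\\1",
     "Details": "c" * 32},
    # Noise the rule must ignore: an unrelated Chrome policy value and a non-registry event.
    {"EventID": 13, "UtcTime": "2026-01-12 09:20:00.000", "Computer": "WS01",
     "Image": "C:\\Windows\\System32\\gpupdate.exe", "User": "NT AUTHORITY\\SYSTEM",
     "TargetObject": "HKLM\\SOFTWARE\\Policies\\Google\\Chrome\\HomepageLocation",
     "Details": "https://intranet.example"},
    {"EventID": 1, "UtcTime": "2026-01-12 09:13:59.000", "Computer": "WS01",
     "Image": "C:\\Windows\\regedit.exe", "User": "CORP\\jdoe"},
]


def detect_allowlist_changes(events):
    """Keep Event ID 13 writes under the allowlist key and aggregate, per
    (host, user, writing process), the count, first/last time and values set."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None, "values": []})
    for ev in events:
        if ev.get("EventID") != 13 or not ALLOWLIST_KEY.search(ev.get("TargetObject", "")):
            continue
        h = hits[(ev["Computer"], ev["User"], ev["Image"])]
        h["count"] += 1
        # Sysmon UtcTime is zero-padded "YYYY-MM-DD HH:MM:SS.mmm", so string order is time order.
        h["first"] = ev["UtcTime"] if h["first"] is None else min(h["first"], ev["UtcTime"])
        h["last"] = ev["UtcTime"] if h["last"] is None else max(h["last"], ev["UtcTime"])
        h["values"].append((ev["TargetObject"].rsplit("\\", 1)[-1], ev["Details"]))
    return dict(hits)
```

Each returned entry is one alert candidate; a burst of writes from an interactive or scripting process, rather than from the policy engine, is what the analyst triages.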
Categories
- Endpoint
Data Sources
- Pod
ATT&CK Techniques
- T1185
Created: 2026-01-12