Guide to the Secure Configuration of Chromium
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Disable Chromium's Ability to Traverse Firewalls
Chromium has the ability to bypass and ignore the system firewall. This ability should be disabled. To disable this setting, set <code>RemoteAcces...Rule Unknown Severity -
Disable Data Synchronization to Google
<code>SyncDisabled</code> to <code>true</code> in the Chromium policy file. Rule Unknown Severity -
Disable Incognito Mode
Incognito Mode allows users to browse in private which prevents monitoring and validating user browsing habits. This capability should be disabled ...Rule Unknown Severity -
Disable Metrics Reporting
Whenever Chromium crashes, it sends its usage and crash-related data to Google. This should be disabled by setting <code>MetricsReportingEnabled</c...Rule Unknown Severity -
Disable Network Prediction
To disable the network prediction feature, set <code>DnsPrefetchingEnabled</code> to <code>false</code> in the Chromium policy file. Rule Unknown Severity -
Disable Outdated Plugins
Outdated plugins should be disabled by setting <code>AllowOutdatedPlugins</code> to <code>false</code> in the Chromium policy file. Rule Unknown Severity -
Disable Chromium Password Manager
Chromium Password Manager allows the saving and using of passwords in Chromium. This should be disabled by setting <code>PasswordManagerEnabled</co...Rule Unknown Severity -
Disable All Plugins by Default
Plugins are developed internally or by third party sources and are designed to extend Google Chromium's functionality. All plugins should be blackl...Rule Unknown Severity -
Disable Popups
Chromium allows you to manage whether or not unwanted pop-up windows appear. To disable pop-ups, set <code>DefaultPopupsSetting</code> to <code>2</...Rule Unknown Severity -
Disable Insecure And Obsolete Protocol Schemas
Each access to a URL is handled by the browser according to the URL's "scheme". The "scheme" of a URL is the section before the ":". The term "prot...Rule Unknown Severity -
Disable Saved Passwords
Disable by setting <code>ImportSavedPasswords</code> to <code>false</code> in the Chromium policy file. Rule Unknown Severity -
Disable Search Suggestion
Chromium tries to guess what users are searching for when users enter search data in the search Omnibox. This should be disabled by setting <code>...Rule Unknown Severity -
Disable Session Cookies
To disable session-only cookies for sites, set <code>CookiesSessionOnlyForUrls</code> to <code>none</code> in the Chromium policy file. Rule Unknown Severity -
Disable 3rd Party Cookies
Third party cookies should be enabled. To disable third party cookies, set <code>BlockThirdPartyCookies</code> to <code>true</code> in the Chrom...Rule Unknown Severity -
Disable Location Tracking
Location tracking is enabled by default and can track users' browsing habits. Location tracking should be disabled by setting <code>DefaultGeolocat...Rule Unknown Severity -
Enable Only Approved Plugins
An organization might need to use internal or third party developed plugins. Any organizationally approved plugin should be enabled. To enable a...Rule Unknown Severity -
Enable Saving the Browser History
Users can enable or disable the saving of browser history in Chromium. Browser history should be retained by setting <code>SavingBrowserHistoryDisa...Rule Unknown Severity -
Enable Encrypted Searching
Specifies the URL of the search engine used when doing a default search. The URL should contain the string <code>{searchTerms}</code>. To set the U...Rule Unknown Severity -
Enable the Safe Browsing Feature
Chromium has the capability to check URLs for known malware and phishing associated with websites through the Safe Browsing Feature. This can be ...Rule Unknown Severity -
Enable Only Approved Extensions
An organization might need to use an internal or third party developed extension. Any organizationally approved extension should be enabled. To en...Rule Unknown Severity