Guide to the Secure Configuration of Chromium

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Whitelisted Chromium Extensions

    Chromium extensions approved for use
    Value
  • Default Chromium Homepage

    Default homepage for Chromium users
    Value
  • Chromium

    Chromium is an open-source web browser, powered by WebKit (Blink), and developed by Google. Web browsers such as Chromium are used for a number of reasons. This section provides settings for config...
    Group
  • Chromium HTTP Authentication Setting

    Chromium HTTP Authentication Types
    Value
  • The Default Search provider in Chromium

    The URL for the Default Search provider in Chromium
    Value
  • Chromium Enabled Plugins

    Chromium Enabled Plugins
    Value
  • Encrypted Chromium Search URLs

    Encrypted search URL for the Default Search Provider
    Value
  • Blacklisted Chromium Protocols

    Blacklisted Protocol Schemas in Chromium
    Value
  • Disable All Extensions by Default

    Extensions are developed by third party sources and are designed to extend Google Chromium's functionality. As an extension can be made by anyone, all extensions should be blacklisted from install...
    Rule Unknown Severity
  • Prevent Desktop Notifications

    Chromium by default allows websites to display notifications on the desktop. To disable this setting, set DefaultNotificationsSetting to 2 in the Chromium policy file.
    Rule Unknown Severity
  • Enable Online OCSP/CRL Certificate Checks

    Certificates can become compromised, and Chromium should check that the certificates in its store are valid by setting <code>EnableOnlineRevocationChecks</code> to <code>true</code> in the Chromium...
    Rule Unknown Severity
  • Block Plugins by Default

    By default, websites are allowed to automatically run plugins. Users should be prompted to allow plugins to execute by setting <code>DefaultPluginsSetting</code> to <code>3</code> in the Ch...
    Rule Unknown Severity
  • Enable the Default Search Provider

    By default, users can change search provider settings. To disable this, set DefaultSearchProviderEnabled to true in the Chromium policy file.
    Rule Unknown Severity
  • Set the Default Search Provider's URL

    Specifies the URL of the default search provider that is to be used. To set the URL of the default search provider, set <code>DefaultSearchProviderName</code> to <code><xccdf-1.2:sub idref="xccdf_o...
    Rule Unknown Severity
  • Disable the 3D Graphics APIs

    Chromium uses WebGL to render graphics using the GPU which allows website access to the GPU. This should be disabled by setting <code>Disable3DAPIs</code> to <code>true</code> in the Chromium polic...
    Rule Unknown Severity
  • Disable the AutoFill Feature

    The AutoFill feature suggests possible matches when users are filling in forms. To disable the AutoFill feature, set AutoFillEnabled to false in the Chromium policy file.
    Rule Unknown Severity
  • Disable Automatic Search And Installation of Plugins

    Chromium will automatically detect, search, and install plugins as required. This should be disabled by setting DisablePluginFinder to true in the Chromium policy file.
    Rule Unknown Severity
  • Disable Background Processing

    Chromium can be set to run at all times and process in the background. This should be disabled by setting BackgroundModeEnabled to false in the Chromium policy file.
    Rule Unknown Severity
  • Disable Use of Cleartext Passwords

    Chromium allows users to import and store passwords in cleartext. This should be disabled by setting PasswordManagerAllowShowPasswords to false in the Chromium policy file.
    Rule Unknown Severity
  • Disable Cloud Print Sharing

    Chromium has cloud sharing capabilities including sharing printers connected to the system. This is done via a proxy. To disable printer sharing, set <code>CloudPrintProxyEnabled</code> to <code>fa...
    Rule Unknown Severity
  • Disable Chromium's Ability to Traverse Firewalls

    Chromium has the ability to bypass and ignore the system firewall. This ability should be disabled. To disable this setting, set <code>RemoteAccessHostFirewallTraversal</code> to <code>false</code...
    Rule Unknown Severity
  • Disable Data Synchronization to Google

    To disable data synchronization to Google, set SyncDisabled to true in the Chromium policy file.
    Rule Unknown Severity
  • Disable Incognito Mode

    Incognito Mode allows users to browse in private which prevents monitoring and validating user browsing habits. This capability should be disabled by setting <code>IncognitoModeAvailability</code> ...
    Rule Unknown Severity
  • Disable Metrics Reporting

    Whenever Chromium crashes, it sends its usage and crash-related data to Google. This should be disabled by setting <code>MetricsReportingEnabled</code> to <code>false</code> in the Chromium policy...
    Rule Unknown Severity
  • Disable Network Prediction

    To disable the network prediction feature, set DnsPrefetchingEnabled to false in the Chromium policy file.
    Rule Unknown Severity
  • Disable Outdated Plugins

    Outdated plugins should be disabled by setting AllowOutdatedPlugins to false in the Chromium policy file.
    Rule Unknown Severity
  • Disable Chromium Password Manager

    Chromium Password Manager allows the saving and using of passwords in Chromium. This should be disabled by setting <code>PasswordManagerEnabled</code> to <code>false</code> in the Chromium policy ...
    Rule Unknown Severity
  • Disable All Plugins by Default

    Plugins are developed internally or by third party sources and are designed to extend Google Chromium's functionality. All plugins should be blacklisted from installation by default. To blacklist ...
    Rule Unknown Severity
  • Disable Popups

    Chromium allows you to manage whether or not unwanted pop-up windows appear. To disable pop-ups, set DefaultPopupsSetting to 2 in the Chromium policy file.
    Rule Unknown Severity
  • Disable Insecure And Obsolete Protocol Schemas

    Each access to a URL is handled by the browser according to the URL's "scheme". The "scheme" of a URL is the section before the ":". The term "protocol" is often mistakenly used for a "scheme". The...
    Rule Unknown Severity
  • Disable Saved Passwords

    Disable by setting ImportSavedPasswords to false in the Chromium policy file.
    Rule Unknown Severity
  • Disable Search Suggestion

    Chromium tries to guess what users are searching for when users enter search data in the search Omnibox. This should be disabled by setting <code>SearchSuggestEnabled</code> to <code>false</code> ...
    Rule Unknown Severity
  • Disable Session Cookies

    To disable session-only cookies for sites, set CookiesSessionOnlyForUrls to none in the Chromium policy file.
    Rule Unknown Severity
  • Disable 3rd Party Cookies

    Third party cookies should be enabled. To disable third party cookies, set BlockThirdPartyCookies to true in the Chromium policy file.
    Rule Unknown Severity
  • Disable Location Tracking

    Location tracking is enabled by default and can track users' browsing habits. Location tracking should be disabled by setting <code>DefaultGeolocationSetting</code> to <code>2</code> in the Chromi...
    Rule Unknown Severity
  • Enable Only Approved Plugins

    An organization might need to use internal or third party developed plugins. Any organizationally approved plugin should be enabled. To enable approved plugins, set <code>EnabledPlugins</code> t...
    Rule Unknown Severity
  • Enable Saving the Browser History

    Users can enable or disable the saving of browser history in Chromium. Browser history should be retained by setting <code>SavingBrowserHistoryDisabled</code> to <code>false</code> in the Chromium ...
    Rule Unknown Severity
  • Enable Encrypted Searching

    Specifies the URL of the search engine used when doing a default search. The URL should contain the string <code>{searchTerms}</code>. To set the URL of the search engine, set <code>DefaultSearchPr...
    Rule Unknown Severity
  • Enable the Safe Browsing Feature

    Chromium has the capability to check URLs for known malware and phishing associated with websites through the Safe Browsing Feature. This can be enabled by setting <code>SafeBrowsingEnabled</code...
    Rule Unknown Severity
  • Enable Only Approved Extensions

    An organization might need to use an internal or third party developed extension. Any organizationally approved extension should be enabled. To enable approved extensions, set <code>ExtensionInsta...
    Rule Unknown Severity
  • Set Chromium's HTTP Authentication Scheme

    To set Chromium's default HTTP Authentication Scheme, set <code>AuthSchemes</code> to <code><xccdf-1.2:sub idref="xccdf_org.ssgproject.content_value_var_auth_schema" use="legacy"></xccdf-1.2:su...
    Rule Unknown Severity
  • Require Outdated Plugins to be Authorized

    Chromium should prompt users for authorization to run outdated plugins. This can be enabled by setting AlwaysAuthorizePlugins to false in the Chromium policy file.
    Rule Unknown Severity
  • Set the Default Home Page

    When a browser is started the first web page displayed is the "home page". While the home page can be selected by the user, the default home page needs to be defined to display an approved page. To...
    Rule Unknown Severity
  • Ensure the Chromium Policy Configuration File Exists

    Chromium can be configured with numerous policies and settings. These settings can be set so that a user is unable to edit or change them. To prevent users from setting or changing Chromium setting...
    Rule Unknown Severity
  • Enable Plugins for Only Approved URLs

    In some cases, plugins utilized by organizationally approved websites may be allowed to be used by those websites. Configure the approved URLs allowed to run plugins by setting <code>PluginsAllowed...
    Rule Unknown Severity
