Google Chrome Current Windows Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000141

    Group
  • Importing of saved passwords must be disabled.

    Importing of saved passwords should be disabled, as it could allow unencrypted account passwords stored on the system from another browser to be viewed. This policy forces the saved passwords to b...
    Rule Medium Severity
  • SRG-APP-000080

    Group
  • Incognito mode must be disabled.

    Incognito mode allows the user to browse the Internet without recording their browsing history/activity. From a forensics perspective, this is unacceptable. Best practice requires that browser hi...
    Rule Medium Severity
  • SRG-APP-000231

    Group
  • Browser history must be saved.

    This policy disables saving browser history in Google Chrome and prevents users from changing this setting. If this setting is enabled, browsing history is not saved. If this setting is disabled or...
    Rule Medium Severity
  • SRG-APP-000456

    Group
  • The version of Google Chrome running on the system must be a supported version.

    Google Chrome is being continually updated by the vendor in order to address identified security vulnerabilities. Running an older version of the browser can introduce security vulnerabilities to t...
    Rule Medium Severity
  • SRG-APP-000089

    Group
  • Deletion of browser history must be disabled.

    Disabling this function will prevent users from deleting their browsing history, which could be used to identify malicious websites and files that could later be used for anti-virus and Intrusion D...
    Rule Medium Severity
  • SRG-APP-000089

    Group
  • Prompt for download location must be enabled.

    If the policy is enabled, the user will be asked where to save each file before downloading. If the policy is disabled, downloads will start immediately, and the user will not be asked where to sav...
    Rule Medium Severity
  • SRG-APP-000089

    Group
  • SRG-APP-000206

    Group
  • SRG-APP-000141

    Group
  • WebUSB must be disabled.

    Allows you to set whether websites are allowed to get access to connected USB devices. Access can be completely blocked, or the user can be asked every time a website wants to get access to connect...
    Rule Medium Severity
  • SRG-APP-000089

    Group
  • Chrome Cleanup must be disabled.

    If set to "False", prevents Chrome Cleanup from scanning the system for unwanted software and performing cleanups. Manually triggering Chrome Cleanup from chrome://settings/cleanup is disabled. If ...
    Rule Medium Severity
  • SRG-APP-000089

    Group
  • Chrome Cleanup reporting must be disabled.

    If unset, should Chrome Cleanup detect unwanted software, it may report metadata about the scan to Google in accordance with policy set by “SafeBrowsingExtendedReportingEnabled”. Chrome Cleanup wil...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • Google Cast must be disabled.

    If this policy is set to "True" or is not set, Google Cast will be enabled, and users will be able to launch it from the app menu, page context menus, media controls on Cast-enabled websites, and (...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • Autoplay must be disabled.

    This allows a user to control if videos can play automatically with audio content (without user consent) in Google Chrome. If the policy is set to "True", Google Chrome is allowed to autoplay medi...
    Rule Medium Severity
  • SRG-APP-000210

    Group
  • SRG-APP-000206

    Group
  • SRG-APP-000266

    Group
  • Chrome development tools must be disabled.

    While the risk associated with browser development tools is more related to the proper design of a web application, a risk vector remains within the browser. The developer tools allow end users and...
    Rule Low Severity
  • SRG-APP-000206

    Group
  • Guest Mode must be disabled.

    If this policy is set to true or not configured, Google Chrome will enable guest logins. Guest logins are Google Chrome profiles where all windows are in incognito mode. If this policy is set to f...
    Rule Medium Severity
  • SRG-APP-000206

    Group
  • AutoFill for credit cards must be disabled.

    Enabling Google Chrome's AutoFill feature allows users to auto complete credit card information in web forms using previously stored information. If this setting is disabled, Autofill will never su...
    Rule Medium Severity
  • SRG-APP-000206

    Group
  • AutoFill for addresses must be disabled.

    Enabling Google Chrome's AutoFill feature allows users to auto complete address information in web forms using previously stored information. If this setting is disabled, Autofill will never sugges...
    Rule Medium Severity
