Google Chrome Current Windows Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
SRG-APP-000206
Group -
SRG-APP-000383
Group -
SRG-APP-000080
Group -
Sites ability to show pop-ups must be disabled.
Chrome allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. If you enable this policy setting, most unwanted ...
Rule Medium Severity -
Default search provider must be enabled.
Policy enables the use of a default search provider. If you enable this setting, a default search is performed when the user types text in the omnibox that is not a URL. You can specify the default...
Rule Medium Severity -
Background processing must be disabled.
Determines whether a Google Chrome process is started on OS login that keeps running when the last browser window is closed, allowing background apps to remain active. The background process displa...
Rule Medium Severity -
Cloud print sharing must be disabled.
Policy enables Google Chrome to act as a proxy between Google Cloud Print and legacy printers connected to the machine. If this setting is enabled or not configured, users can enable the cloud prin...
Rule Medium Severity -
Metrics reporting to Google must be disabled.
Enables anonymous reporting of usage and crash-related data about Google Chrome to Google and prevents users from changing this setting. If you enable this setting, anonymous reporting of usage and...
Rule Medium Severity -
Online revocation checks must be performed.
By setting this policy to true, the previous behavior is restored and online OCSP/CRL checks will be performed. If the policy is not set, or is set to false, then Chrome will not perform online rev...
Rule Medium Severity -
Safe Browsing must be enabled.
Allows you to control whether Google Chrome's Safe Browsing feature is enabled and the mode it operates in. If this policy is set to 'NoProtection' (value 0), Safe Browsing is never active. If th...
Rule Medium Severity -
Download restrictions must be configured.
Configure the type of downloads that Google Chrome will completely block, without letting users override the security decision. If you set this policy, Google Chrome will prevent certain types of d...
Rule Medium Severity -
Safe Browsing Extended Reporting must be disabled.
Enables Google Chrome's Safe Browsing Extended Reporting and prevents users from changing this setting. Extended Reporting sends some system information and page content to Google servers to help d...
Rule Medium Severity -
Anonymized data collection must be disabled.
Enable URL-keyed anonymized data collection in Google Chrome and prevent users from changing this setting. URL-keyed anonymized data collection sends URLs of pages the user visits to Google to make...
Rule Medium Severity -
Collection of WebRTC event logs must be disabled.
If the policy is set to “true”, Google Chrome is allowed to collect WebRTC event logs from Google services (e.g., Google Meet), and upload those logs to Google. If the policy is set to “false”, or ...
Rule Medium Severity -
Web Bluetooth API must be disabled.
Setting the policy to 3 lets websites ask for access to nearby Bluetooth devices. Setting the policy to 2 denies access to nearby Bluetooth devices. Leaving the policy unset lets sites ask for acc...
Rule Medium Severity -
Use of the QUIC protocol must be disabled.
QUIC is used by more than half of all connections from the Chrome web browser to Google's servers, and this activity is undesirable in the DoD. Setting the policy to Enabled or leaving it unset al...
Rule Medium Severity -
Session only based cookies must be enabled.
Cookies must only be allowed per session and only for approved URLs as permanently stored cookies can be used for malicious intent. Approved URLs may be allowlisted via the CookiesAllowedForUrls ...
Rule Medium Severity -
SRG-APP-000047
Group -
SRG-APP-000605
Group -
URLs must be allowlisted for Autoplay use.
Controls the allowlist of URL patterns that autoplay will always be enabled on. If the "AutoplayAllowed" policy is set to "True" then this policy will have no effect. If the "AutoplayAllowed" polic...
Rule Medium Severity -
SRG-APP-000206
Group -
SRG-APP-000206
Group -
Import AutoFill form data must be disabled.
This policy forces the autofill form data to be imported from the previous default browser if enabled. If enabled, this policy also affects the import dialog. If disabled, the autofill form data is...
Rule Medium Severity -
SRG-APP-000141
Group -
SRG-APP-000039
Group -
Firewall traversal from remote host must be disabled.
Remote connections should never be allowed that bypass the firewall, as there is no way to verify if they can be trusted. Enables usage of STUN and relay servers when remote clients are trying to e...
Rule Medium Severity -
SRG-APP-000206
Group -
Site tracking users location must be disabled.
Website tracking is the practice of gathering information as to which websites were accessed by a browser. The common method of doing this is to have a website create a tracking cookie on the brows...
Rule Medium Severity -
SRG-APP-000141
Group -
SRG-APP-000089
Group -
Extensions installation must be blocklisted by default.
Extensions are developed by third party sources and are designed to extend Google Chrome's functionality. An extension can be made by anyone, to do and access almost anything on a system; this mean...
Rule Medium Severity -
SRG-APP-000210
Group -
Extensions that are approved for use must be allowlisted.
The allowlist should only contain organizationally approved extensions. This is to prevent a user from accidentally allowlisting a malicious extension. This policy allows you to specify which extensi...
Rule Low Severity -
SRG-APP-000141
Group -
The default search providers name must be set.
Specifies the name of the default search provider that is to be used, if left empty or not set, the host name specified by the search URL will be used. This policy is only considered if the 'Defaul...
Rule Medium Severity -
SRG-APP-000141
Group -
The default search provider URL must be set to perform encrypted searches.
Specifies the URL of the search engine used when doing a default search. The URL should contain the string '{searchTerms}', which will be replaced at query time by the terms the user is searching f...
Rule Medium Severity -
SRG-APP-000141
Group -
SRG-APP-000141
Group -
The Password Manager must be disabled.
Enables saving passwords and using saved passwords in Google Chrome. Malicious sites may take advantage of this feature by using hidden fields to gain access to the stored information. If you enable t...
Rule Medium Severity -
SRG-APP-000112
Group -
SRG-APP-000047
Group -
Google Data Synchronization must be disabled.
Disables data synchronization in Google Chrome using Google-hosted synchronization services and prevents users from changing this setting. If you enable this setting, users cannot change or overrid...
Rule Medium Severity -
SRG-APP-000141
Group -
The URL protocol schema javascript must be disabled.
Each access to a URL is handled by the browser according to the URL's "scheme". The "scheme" of a URL is the section before the ":". The term "protocol" is often mistakenly used for a "scheme". The...
Rule Medium Severity -
SRG-APP-000516
Group -
Network prediction must be disabled.
Enables network prediction in Google Chrome and prevents users from changing this setting. If you enable or disable this setting, users cannot change or override this setting in Google Chrome. If t...
Rule Medium Severity -
SRG-APP-000141
Group -
SRG-APP-000141
Group -
Search suggestions must be disabled.
Search suggestion should be disabled as it could lead to searches being conducted that were never intended to be made. Enables search suggestions in Google Chrome's omnibox and prevents users from ...
Rule Medium Severity