Chrome Cleanup must be disabled.
An XCCDF Rule
Description
<VulnDiscussion>If set to "False", prevents Chrome Cleanup from scanning the system for unwanted software and performing cleanups. Manually triggering Chrome Cleanup from chrome://settings/cleanup is disabled. If set to "True" or unset, Chrome Cleanup periodically scans the system for unwanted software and should any be found, will ask the user if they wish to remove it. Manually triggering Chrome Cleanup from chrome://settings is enabled. This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-221592r960879_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Windows group policy:
1. Open the "group policy editor" tool with gpedit.msc.
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome
Policy Name: Enable Chrome Cleanup on Windows
Policy State: Disabled
Policy Value: N/A