Prevent Desktop Notifications

An XCCDF Rule

Details
Profiles

Description

Chromium by default allows websites to display notifications on the desktop. To disable this setting, set DefaultNotificationsSetting to 2 in the Chromium policy file.

Rationale

Disabling Chromium's ability to display notifications on the desktop helps prevent malicious websites from controlling desktop notifications or fooling users into clicking on a potentially compromised notification.

ID: xccdf_org.ssgproject.content_rule_chromium_block_desktop_notifications
Severity: Unknown
References: DTBC0003
Updated: over 1 year ago

Remediation Templates

if ! grep -q DefaultNotificationsSetting /etc/chromium/policies/managed/chrome_stig_policy.json; then
   sed -i -e '/{/a \  "'DefaultNotificationsSetting'": '2',' /etc/chromium/policies/managed/chrome_stig_policy.json
else
   sed -i -e 's/\"'DefaultNotificationsSetting'.*/\"'DefaultNotificationsSetting'\": '2',/g' /etc/chromium/policies/managed/chrome_stig_policy.json
fi

Prevent Desktop Notifications

Description

Rationale

Remediation Templates

A Shell Script