Disable the 3D Graphics APIs

An XCCDF Rule

Details
Profiles
Prose

Description

Chromium uses WebGL to render graphics using the GPU which allows website access to the GPU. This should be disabled by setting Disable3DAPIs to true in the Chromium policy file.

Rationale

This setting prevents web pages from accessing the graphics processing unit (GPU). Specifically, web pages cannot access the WebGL API and plugins cannot use the Pepper 3D API in order to reduce the attack surface.

ID: xccdf_org.ssgproject.content_rule_chromium_disable_3d_graphics_api
Severity: Unknown
References: DTBC0019
Updated: about 1 year ago






if ! grep -q Disable3DAPIs /etc/chromium/policies/managed/chrome_stig_policy.json; then
   sed -i -e '/{/a \  "'Disable3DAPIs'": 'true',' /etc/chromium/policies/managed/chrome_stig_policy.json
else
   sed -i -e 's/\"'Disable3DAPIs'.*/\"'Disable3DAPIs'\": 'true',/g' /etc/chromium/policies/managed/chrome_stig_policy.json
fi

Disable the 3D Graphics APIs

Description

Rationale

Remediation - Shell Script