Disable All Plugins by Default

An XCCDF Rule

Description

Plugins are developed internally or by third party sources and are designed to extend Google Chromium's functionality. All plugins should be blacklisted from installation by default. To blacklist all plugins set DisabledPlugins to * in the Chromium policy file.

Rationale

Plugins can access almost anything on a system and users can enable or install them at will. This means they pose a high risk to any system that would allow all plugins to be installed by default.

ID: xccdf_org.ssgproject.content_rule_chromium_disable_plugin_blacklist
Severity: Unknown
References: DTBC0034
Updated: over 1 year ago

Remediation Templates

if ! grep -q DisabledPlugins /etc/chromium/policies/managed/chrome_stig_policy.json; then
   sed -i -e '/{/a \  "'DisabledPlugins'": '[ "*" ]',' /etc/chromium/policies/managed/chrome_stig_policy.json
else
   sed -i -e 's/\"'DisabledPlugins'.*/\"'DisabledPlugins'\": '[ "*" ]',/g' /etc/chromium/policies/managed/chrome_stig_policy.json
fi

Disable All Plugins by Default

Description

Rationale

Remediation Templates

A Shell Script