Disable Insecure And Obsolete Protocol Schemas

An XCCDF Rule

Description

Each access to a URL is handled by the browser according to the URL's "scheme". The "scheme" of a URL is the section before the ":". The term "protocol" is often mistakenly used for a "scheme". The difference is that the scheme is how the browser handles a URL and the protocol is how the browser communicates with a service. To disable insecure and obsolete protocol schema, set URLBlacklist to in the Chromium policy file.

Rationale

If a scheme or its associated protocol used by a browser is insecure or obsolete, vulnerabilities can be exploited resulting in exposed data or unrestricted access to the browser's system.

ID: xccdf_org.ssgproject.content_rule_chromium_disable_protocol_schemas
Severity: Unknown
References: DTBC0021
Updated: about 1 year ago


var_url_blacklist='<xccdf-1.2:sub xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2" idref="xccdf_org.ssgproject.content_value_var_url_blacklist" use="legacy"/>'


var_url_blacklist_modified="$(echo ${var_url_blacklist}| sed 's/\//\\\/\\/')"



if ! grep -q URLBlacklist /etc/chromium/policies/managed/chrome_stig_policy.json; then
   sed -i -e '/{/a \  "'URLBlacklist'": '\[${var_url_blacklist}\]',' /etc/chromium/policies/managed/chrome_stig_policy.json
else
   sed -i -e 's/\"'URLBlacklist'.*/\"'URLBlacklist'\": '\[${var_url_blacklist_modified}\]',/g' /etc/chromium/policies/managed/chrome_stig_policy.json
fi

Disable Insecure And Obsolete Protocol Schemas

Description

Rationale

Remediation - Shell Script