Skip to content

III - Administrative Public

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000206

    <GroupDescription></GroupDescription>
    Group
  • Safe Browsing Extended Reporting must be disabled.

    &lt;VulnDiscussion&gt;Enables Google Chrome's Safe Browsing Extended Reporting and prevents users from changing this setting. Extended Reporting se...
    Rule Medium Severity
  • SRG-APP-000141

    <GroupDescription></GroupDescription>
    Group
  • WebUSB must be disabled.

    &lt;VulnDiscussion&gt;Allows you to set whether websites are allowed to get access to connected USB devices. Access can be completely blocked, or t...
    Rule Medium Severity
  • SRG-APP-000089

    <GroupDescription></GroupDescription>
    Group
  • Chrome Cleanup must be disabled.

    &lt;VulnDiscussion&gt;If set to "False", prevents Chrome Cleanup from scanning the system for unwanted software and performing cleanups. Manually t...
    Rule Medium Severity
  • SRG-APP-000089

    <GroupDescription></GroupDescription>
    Group
  • Chrome Cleanup reporting must be disabled.

    &lt;VulnDiscussion&gt;If unset, should Chrome Cleanup detect unwanted software, it may report metadata about the scan to Google in accordance with ...
    Rule Medium Severity
  • SRG-APP-000141

    <GroupDescription></GroupDescription>
    Group
  • Google Cast must be disabled.

    &lt;VulnDiscussion&gt;If this policy is set to ”True” or is not set, Google Cast will be enabled, and users will be able to launch it from the app ...
    Rule Medium Severity
  • SRG-APP-000141

    <GroupDescription></GroupDescription>
    Group
  • Autoplay must be disabled.

    &lt;VulnDiscussion&gt;This allows a user to control if videos can play automatically with audio content (without user consent) in Google Chrome. I...
    Rule Medium Severity
  • SRG-APP-000210

    <GroupDescription></GroupDescription>
    Group
  • URLs must be allowlisted for Autoplay use.

    &lt;VulnDiscussion&gt;Controls the allowlist of URL patterns that autoplay will always be enabled on. If the "AutoplayAllowed" policy is set to "Tr...
    Rule Medium Severity
  • SRG-APP-000206

    <GroupDescription></GroupDescription>
    Group
  • Anonymized data collection must be disabled.

    &lt;VulnDiscussion&gt;Enable URL-keyed anonymized data collection in Google Chrome and prevent users from changing this setting. URL-keyed anonymiz...
    Rule Medium Severity
  • SRG-APP-000206

    <GroupDescription></GroupDescription>
    Group
  • Collection of WebRTC event logs must be disabled.

    &lt;VulnDiscussion&gt;If the policy is set to “true”, Google Chrome is allowed to collect WebRTC event logs from Google services (e.g., Google Meet...
    Rule Medium Severity
  • SRG-APP-000266

    <GroupDescription></GroupDescription>
    Group
  • Chrome development tools must be disabled.

    &lt;VulnDiscussion&gt;While the risk associated with browser development tools is more related to the proper design of a web application, a risk ve...
    Rule Low Severity
  • SRG-APP-000206

    <GroupDescription></GroupDescription>
    Group
  • Guest Mode must be disabled.

    &lt;VulnDiscussion&gt;If this policy is set to true or not configured, Google Chrome will enable guest logins. Guest logins are Google Chrome profi...
    Rule Medium Severity
  • SRG-APP-000206

    <GroupDescription></GroupDescription>
    Group
  • AutoFill for credit cards must be disabled.

    &lt;VulnDiscussion&gt;Enabling Google Chrome's AutoFill feature allows users to auto complete credit card information in web forms using previously...
    Rule Medium Severity
  • SRG-APP-000206

    <GroupDescription></GroupDescription>
    Group
  • AutoFill for addresses must be disabled.

    &lt;VulnDiscussion&gt;Enabling Google Chrome's AutoFill feature allows users to auto complete address information in web forms using previously sto...
    Rule Medium Severity
  • SRG-APP-000206

    <GroupDescription></GroupDescription>
    Group
  • Import AutoFill form data must be disabled.

    &lt;VulnDiscussion&gt;This policy forces the autofill form data to be imported from the previous default browser if enabled. If enabled, this polic...
    Rule Medium Severity
  • SRG-APP-000141

    <GroupDescription></GroupDescription>
    Group
  • Web Bluetooth API must be disabled.

    &lt;VulnDiscussion&gt;Setting the policy to 3 lets websites ask for access to nearby Bluetooth devices. Setting the policy to 2 denies access to ne...
    Rule Medium Severity
  • SRG-APP-000383

    <GroupDescription></GroupDescription>
    Group
  • Use of the QUIC protocol must be disabled.

    &lt;VulnDiscussion&gt;QUIC is used by more than half of all connections from the Chrome web browser to Google's servers, and this activity is undes...
    Rule Medium Severity
  • SRG-APP-000080

    <GroupDescription></GroupDescription>
    Group
  • Session only based cookies must be enabled.

    &lt;VulnDiscussion&gt;Cookies must only be allowed per session and only for approved URLs as permanently stored cookies can be used for malicious i...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules