UCF STIG Viewer Logo

Extensions that are approved for use must be whitelisted.


Overview

Finding ID Version Rule ID IA Controls Severity
V-44729 DTBC-0006 SV-57563r2_rule Medium
Description
The whitelist should only contain organizationally approved extensions. This is to prevent a user from accidently whitelisitng a malicious extension. This policy allows you to specify which extensions are not subject to the blacklist. A blacklist value of ‘*’ means all extensions are blacklisted and users can only install extensions listed in the whitelist. By default, no extensions are whitelisted. If all extensions have been blacklisted by policy, then the whitelist policy can be used to allow specific extensions to be installed. Administrators should determine which extensions should be allowed to be installed by their users. If no extensions are whitelisted, then no extensions can be installed when combined with blacklisting all extensions.
STIG Date
Google Chrome Browser STIG 2017-06-20

Details

Check Text ( C-49515r3_chk )
Universal method:
1. In the omnibox (address bar) type chrome://policy
2. If ExtensionInstallWhitelist is not displayed under the Policy Name column or it is not set to oiigbmnaadbkfbmpbfijlflahbdbdgdf or a list of administrator approved extension IDs, then this is a finding.

Windows method:
1. Start regedit
2. Navigate to the key HKLM\Software\Policies\Google\Chrome\ExtensionInstallWhitelist
3. If the ExtensionInstallWhitelist key is not set to 1 or oiigbmnaadbkfbmpbfijlflahbdbdgdf or a list of administrator-approved extension IDs, then this is a finding.
Fix Text (F-49821r4_fix)
Windows group policy:
1. Open the group policy editor tool with gpedit.msc
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Extensions\
Policy Name: Configure extension installation whitelist
Policy State: Enabled
Policy Value: oiigbmnaadbkfbmpbfijlflahbdbdgdf (or 1)

Note: oiigbmnaadbkfbmpbfijlflahbdbdgdf is the extension ID for scriptno(a commonly used Chrome extension)