URLs must be whitelisted for plugin use

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-52795	DTBC-0051	SV-67011r2_rule		Medium

Description
This policy allows you to set a list of URL patterns that specify sites which are allowed to run plugins. If this policy is not set, plugins could be run from any website, including potentially malicious ones.

STIG	Date
Google Chrome Browser STIG	2017-06-20

Details

Check Text ( C-54515r1_chk )
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If PluginsAllowedForUrls is not displayed under the Policy Name column or it is not set to a list of administrator approved URLs under the Policy Value column, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the PluginsAllowedForUrls key does not exist and it does not contain a list of administrator approved URLs then this is a finding. Suggested: the set or subset of .mil and .gov

Check Text ( C-54515r1_chk )

Universal method:
1. In the omnibox (address bar) type chrome://policy
2. If PluginsAllowedForUrls is not displayed under the Policy Name column or it is not set to a list of administrator approved URLs under the Policy Value column, then this is a finding.

Windows method:
1. Start regedit
2. Navigate to HKLM\Software\Policies\Google\Chrome\
3. If the PluginsAllowedForUrls key does not exist and it does not contain a list of administrator approved URLs then this is a finding.

Suggested: the set or subset of *.mil and *.gov

Fix Text (F-57613r1_fix)
Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Content Settings Policy Name: Allow plugins on these sites Policy State: Enabled Policy Value 1: .mil Policy Value 2: .gov