Access to history URL must be disabled.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-75165	DTBC-0052	SV-89845r1_rule		Medium

Description
Regardless of controls in place to safeguard the Chrome browser history users may still delete individual items via the Chrome://History URL. In order to protect against this occurrence access to Chrome://History must be blacklisted.

STIG	Date
Google Chrome Browser STIG	2017-06-20

Details

Check Text ( C-74955r3_chk )
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If URLBlacklist is not displayed under the Policy Name column or does not contain an entry set to Chrome://History under the Policy Value column, this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\URLBlacklist 3. If the URLBlacklist key does not exist, or the does not contain an entry 2 set to Chrome://History, this is a finding.

Check Text ( C-74955r3_chk )

Universal method:
1. In the omnibox (address bar) type chrome://policy
2. If URLBlacklist is not displayed under the Policy Name column or does not contain an entry set to Chrome://History under the Policy Value column, this is a finding.

Windows method:
1. Start regedit
2. Navigate to HKLM\Software\Policies\Google\Chrome\URLBlacklist
3. If the URLBlacklist key does not exist, or the does not contain an entry 2 set to Chrome://History, this is a finding.

Fix Text (F-81777r5_fix)
Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Block access to a list of URLs Policy State: Enabled Policy Value 2: Chrome://History