Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Access to history URL must be disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-75165 | DTBC-0052 | SV-89845r1_rule | Medium |
| Description |
|---|
| Regardless of controls in place to safeguard the Chrome browser history users may still delete individual items via the Chrome://History URL. In order to protect against this occurrence access to Chrome://History must be blacklisted. |
| STIG | Date |
|---|---|
| Google Chrome Browser STIG | 2017-06-20 |
Details
| Check Text ( C-74955r3_chk ) |
|---|
| Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If URLBlacklist is not displayed under the Policy Name column or does not contain an entry set to Chrome://History under the Policy Value column, this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\URLBlacklist 3. If the URLBlacklist key does not exist, or the does not contain an entry 2 set to Chrome://History, this is a finding. |
| Fix Text (F-81777r5_fix) |
|---|
| Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Block access to a list of URLs Policy State: Enabled Policy Value 2: Chrome://History |