The home page must be set to a trusted site.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-44801 | DTBC-0048 | SV-57635r2_rule | Medium |
| Description |
|---|
| When a browser is started the first web page displayed is the "home page". While the home page can be selected by the user, the default home page needs to be defined to display an approved page. If no home page is defined then there is a possibility that a URL to a malicious site may be used as a home page which could effectively cause a denial of service to the browser. The browser must have an organizationally approved default home page. |
| STIG | Date |
|---|---|
| Google Chrome Current Windows STIG | 2014-07-08 |
Details
| Check Text ( C-49579r3_chk ) |
|---|
| Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If HomepageLocation is not displayed under the Policy Name column or it is not set to an organizationally approved default home page. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the HomepageLocation value name does not exist or its value data is not set to an organizationally approved default home page. |
| Fix Text (F-49891r4_fix) |
|---|
| Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Home page Policy Name: Configure the home page URL Policy State: Enabled Policy Value: An organizationally approved default home page. |