Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-52795 | DTBC-0051 | SV-67011r2_rule | | Medium |
Description |
---|
This policy allows you to set a list of URL patterns that specify sites which are allowed to run plugins. If this policy is not set, plugins could be run from any website, including potentially malicious ones. |
STIG | Date |
---|---|
Google Chrome Current Windows STIG | 2016-12-01 |
Check Text (C-54515r1_chk) |
---|
Universal method: |
1. In the omnibox (address bar) type chrome://policy |
2. If PluginsAllowedForUrls is not displayed under the Policy Name column or it is not set to a list of administrator approved URLs under the Policy Value column, then this is a finding. |
Windows method: |
1. Start regedit |
2. Navigate to HKLM\Software\Policies\Google\Chrome\ |
3. If the PluginsAllowedForUrls key does not exist and it does not contain a list of administrator approved URLs then this is a finding. |
Suggested: the set or subset of *.mil and *.gov |
Fix Text (F-57613r1_fix) |
---|
Windows group policy: |
1. Open the group policy editor tool with gpedit.msc |
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Content Settings |
Policy Name: Allow plugins on these sites |
Policy State: Enabled |
Policy Value 1: *.mil |
Policy Value 2: *.gov |
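
The Windows registry check above can be scripted for auditing or for confirming the fix took effect. The following PowerShell is an added example, not part of the STIG; the function name `Test-PluginsAllowedForUrls` and the `$Approved` list (taken from the suggested `*.mil` and `*.gov` values) are assumptions to adapt to your approved list.

```powershell
# Added example, not part of the STIG. $Approved is an assumption based on the
# STIG's suggested values; replace it with your administrator-approved list.
$Approved = @('*.mil', '*.gov')
$KeyPath  = 'HKLM:\Software\Policies\Google\Chrome\PluginsAllowedForUrls'

function Test-PluginsAllowedForUrls {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string[]] $ApprovedPatterns
    )

    # Finding: the policy key does not exist.
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Finding = $true; Reason = 'Policy key not present'; Unapproved = @() }
    }

    # Chrome stores list policies as numbered string values (1, 2, ...) under the key.
    $key    = Get-Item -LiteralPath $Path
    $values = @($key.GetValueNames() | ForEach-Object { [string]$key.GetValue($_) })

    # Finding: the key exists but holds no URL patterns.
    if ($values.Count -eq 0) {
        return [pscustomobject]@{ Finding = $true; Reason = 'Policy key has no values'; Unapproved = @() }
    }

    # Finding: a configured pattern is not in the approved list.
    # -notcontains is an exact, case-insensitive comparison; '*' is not expanded.
    $unapproved = @($values | Where-Object { $ApprovedPatterns -notcontains $_ })
    if ($unapproved.Count -gt 0) {
        return [pscustomobject]@{ Finding = $true; Reason = 'Unapproved URL patterns configured'; Unapproved = $unapproved }
    }

    return [pscustomobject]@{ Finding = $false; Reason = 'All configured patterns are approved'; Unapproved = @() }
}

Test-PluginsAllowedForUrls -Path $KeyPath -ApprovedPatterns $Approved | Format-List
```

A subset of the approved list passes, matching the "set or subset" wording of the check; any pattern outside it is reported in `Unapproved`.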