UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Chrome development tools must be disabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-97525 DTBC-0068 SV-106629r1_rule Low
Description
Information needed by an attacker to begin looking for possible vulnerabilities in a web browser includes any information about the web browser and plug-ins or modules being used. When debugging or trace information is enabled in a production web browser, information about the web browser, such as web browser type, version, patches installed, plug-ins and modules installed, type of code being used by the hosted application, and any back-ends being used for data storage may be displayed. Since this information may be placed in logs and general messages during normal operation of the web browser, an attacker does not need to cause an error condition to gain this information.
STIG Date
Google Chrome Current Windows Security Technical Implementation Guide 2019-10-04

Details

Check Text ( C-96361r1_chk )
Universal method:
1. In the omnibox (address bar) type chrome://policy
2. If the policy "DeveloperToolsAvailability" is not shown or is not set to "2", this is a finding.

Windows method:
1. Start regedit
2. Navigate to HKLM\Software\Policies\Google\Chrome\
3. If the key "DeveloperToolsAvailability" does not exist or is not set to "2", this is a finding.
Fix Text (F-103203r1_fix)
Windows group policy:
1. Open the group policy editor tool with gpedit.msc
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Content Settings
Policy Name: Control where Developer Tools can be used
Policy State: Enabled
Policy Value: Disallow usage of the Developer Tools