URLs must be whitelisted for Autoplay use.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-81589 | DTBC-0065 | SV-96303r2_rule | Medium |
| Description |
|---|
| Controls the whitelist of URL patterns that autoplay will always be enabled on. If the “AutoplayAllowed” policy is set to “True” then this policy will have no effect. If the “AutoplayAllowed” policy is set to “False” then any URL patterns set in this policy will still be allowed to play. |
| STIG | Date |
|---|---|
| Google Chrome Current Windows Security Technical Implementation Guide | 2020-06-05 |
Details
| Check Text ( C-81341r2_chk ) |
|---|
| Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If “AutoplayWhitelist” is not displayed under the “Policy Name” column or it is not set to a list of administrator-approved URLs under the “Policy Value” column, this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the “AutoplayWhitelist” key does not exist and it does not contain a list of administrator-approved URLs, this is a finding. Suggested: the set or subset of [*.]mil and [*.]gov |
| Fix Text (F-88417r3_fix) |
|---|
| Windows group policy: 1. Open the “group policy editor” tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome Policy Name: Allow media autoplay on a whitelist of URL patterns Policy State: Enabled Policy Value 1: [*.]mil Policy Value 2: [*.]gov |