UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Web Bluetooth API must be disabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-241787 DTBC-0073 SV-241787r720329_rule Medium
Description
Setting the policy to 3 lets websites ask for access to nearby Bluetooth devices. Setting the policy to 2 denies access to nearby Bluetooth devices. Leaving the policy unset lets sites ask for access, but users can change this setting. 2 = Do not allow any site to request access to Bluetooth devices via the Web Bluetooth API 3 = Allow sites to ask the user to grant access to a nearby Bluetooth device
STIG Date
Google Chrome Current Windows Security Technical Implementation Guide 2022-11-28

Details

Check Text ( C-45063r684828_chk )
Universal method:
1. In the omnibox (address bar) type chrome://policy
2. If DefaultWebBluetoothGuardSetting is not displayed under the Policy Name column or it is not set to 2 under the Policy Value column, then this is a finding.

Windows method:
1. Start regedit
2. Navigate to HKLM\Software\Policies\Google\Chrome\
3. If the DefaultWebBluetoothGuardSetting value name does not exist or its value data is not set to 2, then this is a finding.
Fix Text (F-45022r720328_fix)
Windows group policy:
1. Open the “group policy editor” tool with gpedit.msc
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Content Settings
Policy Name: Control use of the Web Bluetooth API
Policy State: Enabled
Policy Value: Do not allow any site to request access to Bluetooth devices via the Web Bluetooth API