UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Session only based cookies must be enabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-245539 DTBC-0045 SV-245539r940013_rule Medium
Description
Cookies must only be allowed per session and only for approved URLs as permanently stored cookies can be used for malicious intent. Approved URLs may be allowlisted via the CookiesAllowedForUrls policy setting, but is not a requirement.
STIG Date
Google Chrome Current Windows Security Technical Implementation Guide 2023-11-21

Details

Check Text ( C-23298r940011_chk )
Universal method:
1. In the omnibox (address bar), type chrome://policy
2. If the policy "DefaultCookiesSetting" is not shown or is not set to "4", this is a finding.

Windows method:
1. Start regedit.
2. Navigate to HKLM\Software\Policies\Google\Chrome\DefaultCookiesSetting.
3. If this key does not exist, or is not set to "4", this is a finding.
Fix Text (F-23287r940012_fix)
Windows group policy:
1. Open the group policy editor tool with gpedit.msc
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Content Settings.
- Policy Name: Default cookies setting
- Policy State: Enabled
- Policy Value: Keep cookies for the duration of the session