Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Extensions must be blacklisted by default
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-0005 | DTBC-0005 | SV-0005r1_rule | Medium |
| Description |
|---|
| Allows you to specify which extensions the users can NOT install. Extensions already installed will be removed if blacklisted. A blacklist value of '*' means all extensions are blacklisted unless they are explicitly listed in the whitelist. If this policy is left not set the user can install any extension in Google Chrome. |
| STIG | Date |
|---|---|
| Google Chrome STIG Draft | 2012-09-25 |
Details
| Check Text ( C-0005r1_chk ) |
|---|
| Universal method (Requires Chrome Browser v15 or later): 1. In the omnibox (address bar) type chrome://policy 2. If ExtensionInstallBlacklist is displayed under the Policy Name column and it is set to * under the Policy Value column, then this is not a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ExtensionInstallBlacklist 3. If the ExtensionInstallBlacklist key does not exist, or a registry value name of 1 does not exist under that key, or the registry value name of 1 does not have its value data set to * then this is a finding. |
| Fix Text (F-0005r1_fix) |
|---|
| Valid for Chrome Browser version 8 or later. Windows registry: Key Path: HKLM\Software\Policies\Google\Chrome\ExtensionInstallBlacklist Value Name: 1 Value Type: String (REG_SZ) Value Data: * Windows group policy: Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Extensions\ Policy Name: Configure extension installation blacklist Policy State: Enabled Policy Value: * |