Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-35624 | DTBC-0007 | SV-46911r1_rule | ECSC-1 | Medium |
Description |
---|
"Specifies the name of the default search provider. If left empty or not set, the host name specified by the search URL will be used. This policy is only considered if the 'DefaultSearchProviderEnabled' policy is enabled. When doing internet searches it is important to used an encrypted connection via https." - Google Chrome Administrators Policy List |
STIG | Date |
---|---|
Google Chrome v23 Windows STIG | 2013-01-11 |
Check Text ( C-43967r1_chk ) |
---|
Universal method (Requires Chrome Browser v15 or later): 1. In the omnibox (address bar) type chrome://policy 2. If DefaultSearchProviderName is displayed under the Policy Name column or it is not set to an organization approved encrypted search provider (ex. Google Encrypted Search) under the Policy Value column, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the DefaultSearchProviderName value name does not exist or it is not set to an organization approved encrypted search provider (ex. Google Encrypted Search), then this is a finding. |
Fix Text (F-40165r1_fix) |
---|
Valid for Chrome Browser version 8 or later. Windows registry: Key Path: HKLM\Software\Policies\Google\Chrome\ Value Name: DefaultSearchProviderName Value Type: String (REG_SZ) Value Data: organization approved encrypted search provider (ex. Google Encrypted Search) Windows group policy: Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Default search provider\ Policy Name: Default search provider name Policy State: Enabled Policy Value: set to an organization approved encrypted search provider (ex. Google Encrypted Search) |