UCF STIG Viewer Logo

3D Graphics APIs must be disabled


Finding ID Version Rule ID IA Controls Severity
V-35767 DTBC-0019 SV-47054r1_rule Medium
"Disable support for 3D graphics APIs. Enabling this setting prevents web pages from accessing the graphics processing unit (GPU). Specifically, web pages can not access the WebGL API and plugins can not use the Pepper 3D API. Disabling this setting or leaving it not set potentially allows web pages to use the WebGL API and plugins to use the Pepper 3D API. The default settings of the browser may still require command line arguments to be passed in order to use these APIs." - Google Chrome Administrators Policy List Chrome uses WebGL to render graphics using the GPU. There are few sites that currently take advantage of this feature. Since there is unlikely to be an operational impact, it is recommended that this feature is turned off in order to reduce the attack surface.
Google Chrome v23 Windows STIG 2013-01-11


Check Text ( C-44113r1_chk )
Universal method (Requires Chrome Browser v15 or later):
1. In the omnibox (address bar) type chrome://policy
2. If Disable3DAPIs is not displayed under the Policy Name column or it is not set to true under the Policy Value column, then this is a finding.

Windows method:
1. Start regedit
2. Navigate to HKLM\Software\Policies\Google\Chrome\
3. If the Disable3DAPIs value name does not exist or its value data is not set to 1, then this is a finding.
Fix Text (F-40313r1_fix)
Valid for Chrome Browser version 9 or later.

Windows registry:
Key Path: HKLM\Software\Policies\Google\Chrome\
Value Name: Disable3DAPIs
Value Type: Boolean (REG_DWORD)
Value Data: 1

Windows group policy:
Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\
Policy Name: Disable support for 3D graphics APIs
Policy State: Enabled
Policy Value: N/A