Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Plugins must be disabled by default
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36600 | DTBC-0046 | SV-48104r1_rule | ECSC-1 | Medium |
| Description |
|---|
| Disabling plugins by default will reduce the attach surface of Google Chrome. Also, it ensures that functionality that is not used is disabled. |
| STIG | Date |
|---|---|
| Google Chrome v24 Windows STIG | 2013-02-21 |
Details
| Check Text ( C-44838r1_chk ) |
|---|
| Universal method(Requires Chrome Browser v15 or later): 1. In the omnibox(address bar) type chrome://policy 2. If the policy "DisabledPlugins" is not shown or is not set to "*", then this is a finding. Windows: Start regedit Navigate to HKLM\Software\Policies\Google\Chrome\DisabledPlugins If this key does not exist or is not set to "*" this is a finding. |
| Fix Text (F-41243r1_fix) |
|---|
| Valid for Chrome Browser version 11 or later. Windows Registry: Registry Path: HKLM\Software\Policies\Google\Chrome\ Value Name: BlockPlugins Value Type: List of strings Value Data: "*" Windows group policy: Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Content Settings\ Policy Name: "Block all plugins" Policy State: Enabled Policy Value: "*" |