Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-35626 | DTBC-0009 | SV-46913r2_rule | ECSC-1 | Medium |
Description |
---|
"Enables the use of a default search provider. If you enable this setting, a default search is performed when the user types text In the omnibox that is not a URL. You can specify the default search provider to be used by setting the rest of the default search policies. If these are left empty, the user can choose the default provider. If you disable this setting, no search is performed when the user enters non-URL text in the omnibox. If you enable or disable this setting, users cannot change or override this setting in Google Chrome. If this policy is left not set, the default search provider is enabled, and the user will be able to set the search provider list." - Google Chrome Administrators Policy List |
STIG | Date |
---|---|
Google Chrome v24 Windows Benchmark | 2013-03-07 |
Check Text ( http://oval.mitre.org/XMLSchema/oval-definitions-5 ) |
---|
Universal method (Requires Chrome Browser v15 or later): 1. In the omnibox (address bar) type chrome://policy 2. If DefaultSearchProviderEnabled is not displayed under the Policy Name column or it is not set to true under the Policy Value column, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the DefaultSearchProviderEnabled value name does not exist or its value data is not set to 1, then this is a finding. |
Fix Text (F-40180r1_fix) |
---|
Valid for Chrome Browser version 8 or later. Windows registry: Key Path: HKLM\Software\Policies\Google\Chrome\ Value Name: DefaultSearchProviderEnabled Value Type: Boolean (REG_DWORD) Value Data: 1 Windows group policy: Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Default search provider\ Policy Name: Enable the default search provider Policy State: Enabled Policy Value: N/A |