STIGQter: STIG Summary: Google Chrome Current Windows Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021

The default search provider URL must be set to perform encrypted searches.

DISA Rule

SV-221565r684821_rule

Vulnerability Number

V-221565

Group Title

SRG-APP-000141

Rule Version

DTBC-0008

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

If the system is on the SIPRNet, this requirement is NA.

Windows group policy:
1. Open the group policy editor tool with gpedit.msc
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Default search provider\
Policy Name: Default search provider search URL
Policy State: Enabled
Policy Value: Must be set to an organization-approved encrypted search string
(ex. https://www.google.com/search?q={searchTerms} or https://www.bing.com/search?q={searchTerms} )

Check Contents

If the system is on the SIPRNet, this requirement is NA.

Universal method:
1. In the omnibox (address bar) type chrome://policy
2. If DefaultSearchProviderSearchURL is not displayed under the Policy Name column or it is not set to an organization-approved encrypted search string (ex. https://www.google.com/?q={searchTerms} or https://www.bing.com/search?q={searchTerms} ) under the Policy Value column, this is a finding.

Windows method:
1. Start regedit
2. Navigate to HKLM\Software\Policies\Google\Chrome\
3. If the DefaultSearchProviderSearchURL value name does not exist or its value data is not set to an organization-approved encrypted search string (ex. https://www.google.com/search?q={searchTerms} or https://www.bing.com/search?q={searchTerms} ) this is a finding.
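
The Windows method above can be scripted for auditing. The following PowerShell is an added example, not part of the STIG or of STIGQter: the function names and the $ApprovedSearchUrls list are assumptions, with the list seeded from the example strings in this rule, and the sample values at the end are constructed. It does not decide whether the system is on the SIPRNet (where the requirement is NA).

```powershell
# Approved strings are an assumption: replace with your organization's approved list.
$ApprovedSearchUrls = @(
    'https://www.google.com/search?q={searchTerms}',
    'https://www.bing.com/search?q={searchTerms}'
)

function Test-SearchUrlValue {
    # Evaluates one policy value and returns the check result as a string.
    param([string]$Value, [string[]]$Approved)
    if ([string]::IsNullOrWhiteSpace($Value)) {
        return 'Finding: DefaultSearchProviderSearchURL is not set'
    }
    $uri = $null
    if (-not [System.Uri]::TryCreate($Value, [System.UriKind]::Absolute, [ref]$uri)) {
        return 'Finding: value is not an absolute URL'
    }
    if ($uri.Scheme -ne 'https') {
        return "Finding: scheme '$($uri.Scheme)' is not encrypted"
    }
    if ($Value -notmatch '\{searchTerms\}') {
        return 'Finding: value has no {searchTerms} placeholder'
    }
    if ($Approved -notcontains $Value) {
        return 'Finding: value is not on the approved list'
    }
    return 'Not a finding'
}

function Get-ChromeSearchUrlFinding {
    # Reads the machine policy value named in the Windows method of the check.
    $key = 'HKLM:\Software\Policies\Google\Chrome'
    $prop = Get-ItemProperty -Path $key -Name 'DefaultSearchProviderSearchURL' `
        -ErrorAction SilentlyContinue
    Test-SearchUrlValue -Value $prop.DefaultSearchProviderSearchURL -Approved $ApprovedSearchUrls
}

# Constructed sample values showing each outcome without touching the registry.
$samples = @(
    '',
    'http://www.google.com/search?q={searchTerms}',
    'https://search.example.test/?q={searchTerms}',
    'https://www.bing.com/search?q={searchTerms}'
)
foreach ($s in $samples) {
    '{0,-50} -> {1}' -f "'$s'", (Test-SearchUrlValue -Value $s -Approved $ApprovedSearchUrls)
}

# On a managed Windows host, evaluate the live policy value:
Get-ChromeSearchUrlFinding
```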

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4081

Comments