STIGQter: STIG Summary: Google Chrome Current Windows Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

Default behavior must block webpages from automatically running plugins.

DISA Rule

SV-221582r615937_rule

Vulnerability Number

V-221582

Group Title

SRG-APP-000089

Rule Version

DTBC-0040

Severity

CAT II

CCI(s)

• CCI-000169 - The information system provides audit record generation capability for the auditable events defined in AU-2 a. at organization-defined information system components.

Weight

10

Fix Recommendation

Windows group policy:
1. Open the group policy editor tool with gpedit.msc
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Content Settings\
Policy Name: Default Flash setting
Policy State: Enabled
Policy Value: Click to play

Check Contents

Universal method:
1. In the omnibox (address bar) type chrome://policy
2. If the policy "DefaultPluginsSetting" is not shown or is not set to "3", this is a finding.

Windows method:
1. Start regedit
2. Navigate to HKLM\Software\Policies\Google\Chrome\DefaultPluginsSetting
3. If this key "DefaultPluginsSetting" does not exist or is not set to "3", this is a finding.

Vulnerability Number

V-221582

Documentable

False

Rule Version

DTBC-0040

Severity Override Guidance

Universal method:
1. In the omnibox (address bar) type chrome://policy
2. If the policy "DefaultPluginsSetting" is not shown or is not set to "3", this is a finding.

Windows method:
1. Start regedit
2. Navigate to HKLM\Software\Policies\Google\Chrome\DefaultPluginsSetting
3. If this key "DefaultPluginsSetting" does not exist or is not set to "3", this is a finding.

Check Content Reference

M

Target Key

4081

Comments