STIGQter: STIG Summary: Google Chrome Current Windows Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021

Extensions that are approved for use must be allowlisted.

DISA Rule

SV-221563r684818_rule

Vulnerability Number

V-221563

Group Title

SRG-APP-000210

Rule Version

DTBC-0006

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Windows group policy:
1. Open the group policy editor tool with gpedit.msc
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Extensions\
Policy Name: Configure extension installation allowlist
Policy State: Enabled
Policy Value: oiigbmnaadbkfbmpbfijlflahbdbdgdf

Note: oiigbmnaadbkfbmpbfijlflahbdbdgdf is the extension ID for scriptno (a commonly used Chrome extension); other extension IDs may vary.

Check Contents

Universal method:
1. In the omnibox (address bar) type chrome://policy
2. If ExtensionInstallAllowlist is not displayed under the Policy Name column or it is not set to oiigbmnaadbkfbmpbfijlflahbdbdgdf or a list of administrator-approved extension IDs, then this is a finding.

Windows method:
1. Start regedit
2. Navigate to the key HKLM\Software\Policies\Google\Chrome\ExtensionInstallAllowlist
3. If the ExtensionInstallAllowlist key is not set to 1 and oiigbmnaadbkfbmpbfijlflahbdbdgdf or a list of administrator-approved extension IDs, then this is a finding.
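
The Windows method above can be scripted for repeated audits. The following PowerShell is an added example, not part of the STIG or of STIGQter; the function name Test-ChromeExtensionAllowlist and the default $ApprovedIds list (which reuses the ID from this rule) are assumptions to be replaced with the site's administrator-approved list.

```powershell
# Added example: audits the registry key named in the Windows method.
# $ApprovedIds is an assumption; supply the administrator-approved extension IDs.
function Test-ChromeExtensionAllowlist {
    param(
        [string[]]$ApprovedIds = @('oiigbmnaadbkfbmpbfijlflahbdbdgdf'),
        [string]$KeyPath = 'HKLM:\Software\Policies\Google\Chrome\ExtensionInstallAllowlist'
    )
    $result = [ordered]@{ Finding = $true; Reason = ''; Entries = @() }

    # A missing key means the policy is not configured at all.
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        $result.Reason = 'ExtensionInstallAllowlist key is not present'
        return [pscustomobject]$result
    }

    # Chrome stores list policies as numbered string values (1, 2, ...) under the key.
    $key = Get-Item -LiteralPath $KeyPath
    $result.Entries = @(foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{ Name = $name; Id = [string]$key.GetValue($name) }
    })
    if ($result.Entries.Count -eq 0) {
        $result.Reason = 'ExtensionInstallAllowlist key has no entries'
        return [pscustomobject]$result
    }

    # Chrome extension IDs are 32 lowercase characters in the range a-p;
    # anything else (wildcards, typos, trailing spaces) is reported as malformed.
    $malformed  = @($result.Entries | Where-Object { $_.Id -cnotmatch '^[a-p]{32}$' })
    $unapproved = @($result.Entries | Where-Object { $_.Id -notin $ApprovedIds })

    if ($malformed.Count -gt 0) {
        $result.Reason = 'Malformed entries: ' + (($malformed | ForEach-Object { $_.Name }) -join ', ')
    } elseif ($unapproved.Count -gt 0) {
        $result.Reason = 'IDs not on the approved list: ' + (($unapproved | ForEach-Object { $_.Id }) -join ', ')
    } else {
        $result.Finding = $false
        $result.Reason  = 'All entries are administrator-approved extension IDs'
    }
    return [pscustomobject]$result
}

# Run the audit with the default approved list and show the verdict.
Test-ChromeExtensionAllowlist | Format-List Finding, Reason, Entries
```

A result with Finding set to True corresponds to "this is a finding" in the check above; Reason states which condition failed.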

Documentable

False

Severity Override Guidance

Universal method:
1. In the omnibox (address bar) type chrome://policy
2. If ExtensionInstallAllowlist is not displayed under the Policy Name column or it is not set to oiigbmnaadbkfbmpbfijlflahbdbdgdf or a list of administrator-approved extension IDs, then this is a finding.

Windows method:
1. Start regedit
2. Navigate to the key HKLM\Software\Policies\Google\Chrome\ExtensionInstallAllowlist
3. If the ExtensionInstallAllowlist key is not set to 1 and oiigbmnaadbkfbmpbfijlflahbdbdgdf or a list of administrator-approved extension IDs, then this is a finding.

Check Content Reference

M

Target Key

4081
