STIGQter: STIG Summary: Google Chrome Current Windows Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The URL protocol schema javascript must be disabled.

DISA Rule

SV-221572r615937_rule

Vulnerability Number

V-221572

Group Title

SRG-APP-000141

Rule Version

DTBC-0021

Severity

CAT II

CCI(s)

• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

Windows group policy:
1. Open the group policy editor tool with gpedit.msc
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\
Policy Name: Block access to a list of URLs
Policy State: Enabled
Policy Value 1: javascript://*

Check Contents

Universal method:
1. In the omnibox (address bar) type chrome://policy
2. If URLBlacklist is not displayed under the Policy Name column or it is not set to javascript://* under the Policy Value column, then this is a finding.

Windows method:
1. Start regedit
2. Navigate to HKLM\Software\Policies\Google\Chrome\URLBlacklist
3. If the URLBlacklist key does not exist, or the does not contain entries 1 set to javascript://*, then this is a finding.

Vulnerability Number

V-221572

Documentable

False

Rule Version

DTBC-0021

Severity Override Guidance

Universal method:
1. In the omnibox (address bar) type chrome://policy
2. If URLBlacklist is not displayed under the Policy Name column or it is not set to javascript://* under the Policy Value column, then this is a finding.

Windows method:
1. Start regedit
2. Navigate to HKLM\Software\Policies\Google\Chrome\URLBlacklist
3. If the URLBlacklist key does not exist, or the does not contain entries 1 set to javascript://*, then this is a finding.

Check Content Reference

M

Target Key

4081

Comments