Check: DTBC-0070
Google Chrome Current Windows STIG:
DTBC-0070
(in versions v2 r9 through v1 r19)
Title
AutoFill for credit cards must be disabled. (Cat II impact)
Discussion
Enabling Google Chrome's AutoFill feature allows users to auto complete credit card information in web forms using previously stored information. If this setting is disabled, Autofill will never suggest or fill credit card information, nor will it save additional credit card information that the user might submit while browsing the web. If this setting is enabled or has no value, the user will be able to control Autofill for credit cards in the UI.
Check Content
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If AutofillCreditCardEnabled is not displayed under the Policy Name column or it is not set to 0 under the Policy Value column, this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the AutofillCreditCardEnabled value name does not exist or its value data is not set to 0, this is a finding.
Fix Text
Windows group policy: 1. Open the "group policy editor" tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Enable AutoFill for credit cards Policy State: Disabled
Additional Identifiers
Rule ID: SV-226402r879627_rule
Vulnerability ID: V-226402
Group Title: SRG-APP-000206
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000166 |
The information system protects against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation. |
CCI-001166 |
The information system identifies organization-defined unacceptable mobile code. |