Title

Cloud print sharing must be disabled. (Cat II impact)

Discussion

Policy enables Google Chrome to act as a proxy between Google Cloud Print and legacy printers connected to the machine. If this setting is enabled or not configured, users can enable the cloud print proxy by authentication with their Google account. If this setting is disabled, users cannot enable the proxy, and the machine will not be allowed to share it’s printers with Google Cloud Print. If this policy is not set, this will be enabled but the user will be able to change it.

Check Content

Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If CloudPrintProxyEnabled is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the CloudPrintProxyEnabled value name does not exist or its value data is not set to 0, then this is a finding.

Fix Text

Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Printing Policy Name: Enable Google Cloud Print proxy Policy State: Disabled Policy Value: N/A

Additional Identifiers

Rule ID: SV-221573r879540_rule

Vulnerability ID: V-221573

Group Title: SRG-APP-000047

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.