Check: DTBC-0052
Google Chrome Current Windows STIG: DTBC-0052
(in versions v2 r10 through v1 r11)
Title
Deletion of browser history must be disabled. (Cat II impact)
Discussion
Disabling this function prevents users from deleting their browsing history. That history could be used to identify malicious websites and files that could later be used for anti-virus and Intrusion Detection System (IDS) signatures. Furthermore, preventing users from deleting browsing history means the history could be used to identify abusive web surfing on government systems.
Check Content
Universal method:
1. In the omnibox (address bar) type chrome://policy
2. If the policy "AllowDeletingBrowserHistory" is not shown or is not set to false, this is a finding.

Windows method:
1. Start regedit
2. Navigate to HKLM\Software\Policies\Google\Chrome\
3. If the "AllowDeletingBrowserHistory" value name does not exist or its value data is not set to "0", this is a finding.
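The Windows method above can be scripted for auditing many hosts. The following PowerShell is an added example, not part of the STIG; the function name Test-Dtbc0052 and the shape of its output object are assumptions made for illustration.

```powershell
# Added example: evaluates DTBC-0052 using the Windows method in Check Content.
# Test-Dtbc0052 is a hypothetical helper name, not defined by the STIG.
function Test-Dtbc0052 {
    [CmdletBinding()]
    param(
        # Registry location and value name taken from the check text.
        [string]$Path = 'HKLM:\Software\Policies\Google\Chrome',
        [string]$Name = 'AllowDeletingBrowserHistory'
    )

    # Start from "finding" and clear it only when the value is proven compliant.
    $result = [ordered]@{
        Check   = 'DTBC-0052'
        Path    = $Path
        Name    = $Name
        Value   = $null
        Finding = $true
        Reason  = ''
    }

    if (-not (Test-Path -LiteralPath $Path)) {
        $result.Reason = 'Policy key does not exist'
        return [pscustomobject]$result
    }

    # Returns $null when the key exists but the value name is absent.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $result.Reason = 'Value name does not exist'
        return [pscustomobject]$result
    }

    $result.Value = $item.$Name
    # Assumption: compare as a string so the data matches the "0" in the check
    # text whichever registry type was used to store it.
    if ("$($item.$Name)" -eq '0') {
        $result.Finding = $false
        $result.Reason  = 'Value data is 0'
    } else {
        $result.Reason  = "Value data is '$($item.$Name)', expected 0"
    }
    return [pscustomobject]$result
}

# Evaluate the local machine and show the verdict.
Test-Dtbc0052 | Format-List
```

A missing key, a missing value name, and any data other than 0 are all reported as a finding, matching step 3 of the Windows method.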
Fix Text
Windows group policy:
1. Open the group policy editor tool with gpedit.msc
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\
   Policy Name: Enable deleting browser and download history
   Policy State: Disabled
   Policy Value: N/A
Additional Identifiers
Rule ID: SV-221586r960879_rule
Vulnerability ID: V-221586
Group Title: SRG-APP-000089
CCIs
Number | Definition |
---|---|
CCI-000169 | Provide audit record generation capability for the event types the system is capable of auditing as defined in AU-2 a on organization-defined information system components. |
CCI-001687 | Verify that the use of mobile code deployed in system meets organization-defined mobile code requirements. |