Check: DTBC-0052
Google Chrome Current Windows STIG:
DTBC-0052
(in versions v2 r9 through v1 r11)
Title
Deletion of browser history must be disabled. (Cat II impact)
Discussion
Disabling this function will prevent users from deleting their browsing history, which could be used to identify malicious websites and files that could later be used for anti-virus and Intrusion Detection System (IDS) signatures. Furthermore, preventing users from deleting browsing history could be used to identify abusive web surfing on government systems.
Check Content
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If the policy "AllowDeletingBrowserHistory" is not shown or is not set to false, this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the "AllowDeletingBrowserHistory" value name does not exist or its value data is not set to "0", this is a finding.
Fix Text
Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Enable deleting browser and download history Policy State: Disabled Policy Value: N/A
Additional Identifiers
Rule ID: SV-221586r879559_rule
Vulnerability ID: V-221586
Group Title: SRG-APP-000089
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000169 |
The information system provides audit record generation capability for the auditable events defined in AU-2 a. at organization-defined information system components. |
| CCI-001687 |
The organization ensures the use of mobile code to be deployed in information systems meets organization-defined mobile code requirements. |