An error occurred:

Check: DTBC-0076

Google Chrome Current Windows STIG: DTBC-0076 (in version v2 r11)

Title

DevTools Generative AI features must be disabled. (Cat II impact)

Discussion

These features in Google Chrome's DevTools employ generative AI models to provide additional debugging information. To use these features, Google Chrome collects data such as error messages, stack traces, code snippets, and network requests and sends them to a server owned by Google, which runs a generative AI model. Response body or authentication and cookie headers in network requests are not included in the data sent to the server. 0 = Allow the feature to be used, while allowing Google to use relevant data to improve its AI models. Relevant data may include prompts, inputs, outputs, source materials, and written feedback, depending on the feature. It may also be reviewed by humans to improve AI models. 0 is the default value, except when noted below. 1 = Allow the feature to be used, but does not allow Google to improve models using users' content (including prompts, inputs, outputs, source materials, and written feedback). 1 is the default value for Enterprise users managed by Google Admin console and for Education accounts managed by Google Workspace. 2 = Do not allow the feature.

Check Content

Universal method: 1. In the omnibox (address bar) type "chrome:// policy". 2. If "DevToolsGenAiSettings" is not displayed under the "Policy Name" column or it is not set to "2" under the "Policy Value" column, this is a finding. Windows method: 1. Start "regedit". 2. Navigate to "HKLM\Software\Policies\Google\Chrome\". 3. If the "DevToolsGenAiSettings" value name does not exist or its value data is not set to "2", this is a finding.

Fix Text

Windows group policy: 1. Open the group policy editor tool with gpedit.msc. 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Generative AI Policy Name: Settings for DevTools Generative AI Features Policy State: Enabled Policy Value: Do not allow DevTools Generative AI Features

Additional Identifiers

Rule ID: SV-275781r1106671_rule

Vulnerability ID: V-275781

Group Title: SRG-APP-000089

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000169

Provide audit record generation capability for the event types the system is capable of auditing as defined in AU-2 a on organization-defined information system components.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AU-12

Audit Generation