Title

Safe Browsing must be enabled. (Cat II impact)

Discussion

Allows you to control whether Google Chrome's Safe Browsing feature is enabled and the mode it operates in. If this policy is set to 'NoProtection' (value 0), Safe Browsing is never active. If this policy is set to 'StandardProtection' (value 1, which is the default), Safe Browsing is always active in the standard mode. If this policy is set to 'EnhancedProtection' (value 2), Safe Browsing is always active in the enhanced mode, which provides better security, but requires sharing more browsing information with Google.

Check Content

Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If SafeBrowsingProtectionLevel is not displayed under the Policy Name column or it is not set to 1 or 2 under the Policy Value column, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the SafeBrowsingProtectionLevel value name does not exist or its value data is not set to 1 or 2, then this is a finding.

Fix Text

Windows group policy: 1. Open the “group policy editor” tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Safe Browsing Settings Policy Name: Safe Browsing Protection Level Policy State: Enabled Policy Value: "(1) Safe Browsing is active in the standard mode", or "(2) Safe Browsing is active in the enhanced mode. This mode provides better security, but requires sharing more browsing information with Google".

Additional Identifiers

Rule ID: SV-221580r879627_rule

Vulnerability ID: V-221580

Group Title: SRG-APP-000206

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.