Google Chrome Current Windows STIG Version Comparison
Google Chrome Current Windows Security Technical Implementation Guide
Comparison
There are 3 differences between versions v2 r7 (Oct. 26, 2022) (the "left" version) and v2 r9 (Jan. 24, 2024) (the "right" version).
Check DTBC-0056 was removed from the benchmark in the "right" version. The text below reflects the old wording.
This check's original form is available here.
Text Differences
Title
Chrome must be configured to allow only TLS.
Check Content
Universal method:
1. In the omnibox (address bar) type chrome://policy
2. If "SSLVersionMin" is not displayed under the "Policy Name" column or it is not set to "tls1.2", this is a finding.

Windows method:
1. Start regedit
2. Navigate to HKLM\Software\Policies\Google\Chrome\
3. If the "SSLVersionMin" value name does not exist or its value data is not set to "tls1.2", this is a finding.
Discussion
If this policy is not configured then Google Chrome uses a default minimum version, which is TLS 1.0. Otherwise, it may be set to one of the following values: "tls1", "tls1.1" or "tls1.2". When set, Google Chrome will not use SSL/TLS versions less than the specified version. An unrecognized value will be ignored.

"tls1" = TLS 1.0
"tls1.1" = TLS 1.1
"tls1.2" = TLS 1.2
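The Windows method from Check Content combined with the value semantics from the Discussion, as an added PowerShell example that is not part of the STIG. The function names Get-SslVersionMinFinding and New-Result are hypothetical, and the script assumes exact-case matching and that an ignored (unrecognized) value leaves the TLS 1.0 default in effect.

```powershell
# Added example, not STIG text. Helper names are hypothetical.
function New-Result($Finding, $Effective, $Reason) {
    [pscustomobject]@{ Finding = $Finding; Effective = $Effective; Reason = $Reason }
}

function Get-SslVersionMinFinding {
    param([AllowNull()][object]$ValueData)   # $null = value name does not exist

    if ($null -eq $ValueData) {
        # Discussion: an unconfigured policy means the default minimum, TLS 1.0.
        return New-Result $true 'TLS 1.0 (default)' 'SSLVersionMin is not configured'
    }
    # Assumption: value data is compared exactly, including letter case.
    switch -CaseSensitive ([string]$ValueData) {
        'tls1.2' { return New-Result $false 'TLS 1.2' 'Matches the required value' }
        'tls1.1' { return New-Result $true  'TLS 1.1' 'Minimum is below TLS 1.2' }
        'tls1'   { return New-Result $true  'TLS 1.0' 'Minimum is below TLS 1.2' }
        default  {
            # Discussion: an unrecognized value is ignored. Assumption: the
            # default minimum then applies, so this is still a finding.
            return New-Result $true 'TLS 1.0 (default)' "Unrecognized value '$_' is ignored"
        }
    }
}

# Live check against the key named in the Windows method.
$key  = 'HKLM:\Software\Policies\Google\Chrome'
$prop = Get-ItemProperty -Path $key -Name 'SSLVersionMin' -ErrorAction SilentlyContinue
$live = if ($prop) { $prop.SSLVersionMin } else { $null }
Get-SslVersionMinFinding -ValueData $live | Format-List

# Constructed sample values that exercise each branch without the registry.
# 'TLS 1.2' is the group policy display text, not valid registry value data.
foreach ($sample in $null, 'tls1', 'tls1.1', 'tls1.2', 'TLS 1.2') {
    Get-SslVersionMinFinding -ValueData $sample
}
```

Only the "tls1.2" sample returns Finding = False; a value written by hand as "TLS 1.2" falls into the unrecognized branch and is reported as a finding.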
Fix
Windows group policy:
1. Open the “group policy editor” tool with gpedit.msc.
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\
   Policy Name: Minimum SSL version enabled
   Policy State: Enabled
   Policy Value: TLS 1.2