Title

Browser Geolocation functionality must be disallowed. (Cat II impact)

Discussion

This setting has a small impact on user privacy because users may unknowingly allow their browser to share location data with web sites that they visit. The value of enabling this setting is diminished due to the fact that malicious web sites can learn a great deal about the location of a user merely by analyzing their IP address. If you enable this policy setting, browser geolocation support will be turned off. If you disable this policy setting, browser geolocation will be turned on. If you do not configure this setting, browser geolocation support can be turned on or off in Internet Options on the Privacy Tab.

Check Content

The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> "Turn off Browser Geolocation" must be "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Geolocation Criteria: If the value PolicyDisableGeolocation is REG_DWORD = 1, this is not a finding.

Fix Text

Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> "Turn off Browser Geolocation" to "Enabled".

Additional Identifiers

Rule ID: SV-45112r1_rule

Vulnerability ID: V-30775

Group Title: DTBI755 - Browser Geolocation Functionality

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.