Extensions that are approved for use must be whitelisted

From Google Chrome v24 Windows STIG

Part of DTBC0006 - Whitelist approved extensions

Associated with IA controls: ECSC-1

Associated with: CCI-001588

SV-46910r2_rule Extensions that are approved for use must be whitelisted

Vulnerability discussion

The whitelist should only contain organizationally approved extensions. This is to prevent a user from accidently whitelisitng a malicious extension."Allows you to specify which extensions are not subject to the blacklist. A blacklist value of * means all extensions are blacklisted and users can only install extensions listed in the whitelist. By default, no extensions are whitelisted. If all extensions have been blacklisted by policy, then the whitelist policy can be used to allow specific extensions to be installed. Administrators should determine which extensions should be allowed to be installed by their users. If no extensions are whitelisted, then no extensions can be installed when combined with blacklisting all extensions" - Google Chrome Administrators Policy List

Check content

Universal method (Requires Chrome Browser v15 or later): 1. In the omnibox (address bar) type chrome://policy 2. If ExtensionInstallWhitelist is not displayed under the Policy Name column or it is not set to oiigbmnaadbkfbmpbfijlflahbdbdgdf or a list of administrator approved extension IDs, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ExtensionInstallWhitelist 3. If the ExtensionInstallWhitelist key does not exist or is not set to oiigbmnaadbkfbmpbfijlflahbdbdgdf or a list of administrator approved extension IDs, then this is a finding.

Fix text

Valid for Chrome Browser version 8 or later. Windows registry: Key Path: HKLM\Software\Policies\Google\Chrome\ExtensionInstallWhitelist For each extension that is to whitelisted sequential keys must be created. The name of the keys are numeric going 1,2,3,etc. Value Name: 1 Value Type: String (REG_SZ) Value Data: oiigbmnaadbkfbmpbfijlflahbdbdgdf Windows group policy: Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Extensions\ Policy Name: Configure extension installation whitelist Policy State: Enabled Policy Value: oiigbmnaadbkfbmpbfijlflahbdbdgdf Note: oiigbmnaadbkfbmpbfijlflahbdbdgdf is the extension ID for scriptno(a commonly used Chrome extension)

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer