Extensions must be blacklisted by default

Part of DTBC0005 - Blacklist extensions by default

Associated with IA controls: ECSC-1

Associated with: CCI-001588

SV-46909r1_rule Extensions must be blacklisted by default

Vulnerability discussion

Extensions are developed by third party sources. They are designed to extend Google Chrome's functionality. An extension can be made by anyone, to do and access almost anything on a system; this means they pose a high risk to any system that would allow all extensions to be installed by default. "Allows you to specify which extensions the users can NOT install. Extensions already installed will be removed if blacklisted. A blacklist value of '*' means all extensions are blacklisted unless they are explicitly listed in the whitelist. If this policy is left not set the user can install any extension in Google Chrome." - Google Chrome Administrators Policy List

Check content

Fix text

Valid for Chrome Browser version 8 or later. Windows registry: Key Path: HKLM\Software\Policies\Google\Chrome\ExtensionInstallBlacklist Value Name: 1 Value Type: String (REG_SZ) Value Data: * Windows group policy: Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Extensions\ Policy Name: Configure extension installation blacklist Policy State: Enabled Policy Value: *

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.