The running of outdated plugins must be disabled.

From Google Chrome Current Windows STIG

Part of DTBC0013 - Outdated plugins

Associated with: CCI-001232

SV-57579r2_rule The running of outdated plugins must be disabled.

Vulnerability discussion

Running outdated plugins could lead to system compromise through the use of known exploits. Having plugins that updated to the most current version ensures the smallest attack surfuce possible. If you enable this setting, outdated plugins are used as normal plugins. If you disable this setting, outdated plugins will not be used and users will not be asked for permission to run them. If this setting is not set, users will be asked for permission to run outdated plugins.

Check content

Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If AllowOutdatedPlugins is not displayed under the Policy Name column or it is not set to false under the Policy Name column, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome 3. If the AllowOutdatedPlugins value name does not exist or its value data is not set to 0, then this is a finding.

Fix text

Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Allow running plugins that are outdated Policy State: Disabled Policy Value: N/A

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer