Safe Browsing Extended Reporting must be disabled.

From Google Chrome Current Windows STIG

Part of DTBC-0057 - Safe Browsing

Associated with: CCI-001166

SV-96299r2_rule Safe Browsing Extended Reporting must be disabled.

Vulnerability discussion

Enables Google Chrome's Safe Browsing Extended Reporting and prevents users from changing this setting. Extended Reporting sends some system information and page content to Google servers to help detect dangerous apps and sites. If the setting is set to "True", then reports will be created and sent whenever necessary (such as when a security interstitial is shown). If the setting is set to "False", reports will never be sent. If this policy is set to "True" or "False", the user will not be able to modify the setting. If this policy is left unset, the user will be able to change the setting and decide whether to send reports or not.

Check content

Universal method:
1. In the omnibox (address bar) type chrome://policy
2. If "SafeBrowsingExtendedReportingEnabled" is not displayed under the "Policy Name" column or it is not set to "False", this is a finding.

Windows method:
1. Start regedit
2. Navigate to HKLM\Software\Policies\Google\Chrome\
3. If the "SafeBrowsingExtendedReportingEnabled" value name does not exist or its value data is not set to "0", this is a finding.
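The Windows method above can be scripted for use across many hosts. The following PowerShell is an added example, not part of the STIG; the function name, the output object and the treatment of a non-DWORD value as a finding are assumptions of this example.

```powershell
# Added example, not part of the STIG. Function name and output shape are hypothetical.
function Test-SafeBrowsingExtendedReporting {
    [CmdletBinding()]
    param(
        [string]$KeyPath   = 'HKLM:\Software\Policies\Google\Chrome',
        [string]$ValueName = 'SafeBrowsingExtendedReportingEnabled'
    )

    $result = [ordered]@{
        Rule    = 'SV-96299r2_rule'
        Key     = $KeyPath
        Name    = $ValueName
        Data    = $null
        Finding = $true      # assume a finding until the value proves otherwise
        Reason  = ''
    }

    # Missing key: no Chrome machine policy is configured at all.
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        $result.Reason = 'Policy key does not exist'
        return [pscustomobject]$result
    }

    $key = Get-Item -LiteralPath $KeyPath
    # Missing value name: the policy is unset, so the user can change the setting.
    if ($key.GetValueNames() -notcontains $ValueName) {
        $result.Reason = 'Value name does not exist'
        return [pscustomobject]$result
    }

    $result.Data = $key.GetValue($ValueName)
    $kind = $key.GetValueKind($ValueName)

    # Assumption of this example: Chrome boolean policies are stored as
    # REG_DWORD, so any other value type is reported as a finding.
    if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        $result.Reason = "Value type is $kind, expected DWord"
    } elseif ($result.Data -ne 0) {
        $result.Reason = "Value data is $($result.Data), expected 0"
    } else {
        $result.Finding = $false
        $result.Reason  = 'Value data is 0 (Extended Reporting disabled)'
    }
    return [pscustomobject]$result
}

Test-SafeBrowsingExtendedReporting | Format-List
```

The function only reads the registry; it reports a finding for each of the three conditions the check names (key or value name missing, or value data not 0).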

Fix text

Windows group policy:
1. Open the “group policy editor” tool with gpedit.msc
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Safe Browsing settings\
   Policy Name: Enable Safe Browsing Extended Reporting
   Policy State: Disabled
   Policy Value: N/A
