Detections
Analytics

Revision 1.4

Apr 9, 2025
Functional Update
  • 2.32 Ensure 'Allow remote debugging' is set to 'Disabled'
  • 2.8.1 Ensure 'Allow remote access connections to this machine' is set to 'Disabled'
Informational Update
  • 2.32 Ensure 'Allow remote debugging' is set to 'Disabled'
  • 2.8.1 Ensure 'Allow remote access connections to this machine' is set to 'Disabled'
Miscellaneous
  • Metadata updated.
  • References updated.
Added
  • '2.17 (L1) Ensure \'Proxy settings\' is set to \'Enabled\' and does not contain \'ProxyMode\': \'auto_detect\''
  • 1.1.1 (L1) Ensure 'Cross-origin HTTP Authentication prompts' is set to 'Disabled'
  • 1.10 (L1) Ensure 'Disable Certificate Transparency enforcement for a list of Legacy Certificate Authorities' is set to 'Disabled'
  • 1.11 (L1) Ensure 'Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes' is set to 'Disabled'
  • 1.12 (L1) Ensure 'Disable Certificate Transparency enforcement for a list of URLs' is set to 'Disabled'
  • 1.13 (L1) Ensure 'Disable saving browser history' is set to 'Disabled'
  • 1.14 (L1) Ensure 'DNS interception checks enabled' is set to 'Enabled'
  • 1.15 (L1) Ensure 'Enable component updates in Google Chrome' is set to 'Enabled'
  • 1.16 (L1) Ensure 'Enable globally scoped HTTP auth cache' is set to 'Disabled'
  • 1.17 (L1) Ensure 'Enable online OCSP/CRL checks' is set to 'Disabled'
  • 1.18 (L1) Ensure 'Enable security warnings for command-line flags' is set to 'Enabled'
  • 1.19 (L1) Ensure 'Enable third party software injection blocking' is set to 'Enabled'
  • 1.2.1 (L1) Ensure 'Configure the list of domains on which Safe Browsing will not trigger warnings' is set to 'Disabled'
  • 1.2.2 (L1) Ensure 'Safe Browsing Protection Level' is set to 'Enabled: Safe Browsing is active in the standard mode.' or higher
  • 1.20 (L1) Ensure 'Enables managed extensions to use the Enterprise Hardware Platform API' is set to 'Disabled'
  • 1.21 (L1) Ensure 'Ephemeral profile' is set to 'Disabled'
  • 1.22 (L1) Ensure 'Import autofill form data from default browser on first run' is set to 'Disabled'
  • 1.23 (L1) Ensure 'Import of homepage from default browser on first run' is set to 'Disabled'
  • 1.24 (L1) Ensure 'Import search engines from default browser on first run' is set to 'Disabled'
  • 1.25 (L1) Ensure 'List of names that will bypass the HSTS policy check' is set to 'Disabled'
  • 1.26 (L1) Ensure 'Origins or hostname patterns for which restrictions on insecure origins should not apply' is set to 'Disabled'
  • 1.27 (L1) Ensure 'Suppress lookalike domain warnings on domains' is set to 'Disabled'
  • 1.28 (L1) Ensure 'Suppress the unsupported OS warning' is set to 'Disabled'
  • 1.29 (L1) Ensure 'URLs for which local IPs are exposed in WebRTC ICE candidates' is set to 'Disabled'
  • 1.3 (L1) Ensure 'Allow Google Cast to connect to Cast devices on all IP addresses' is set to 'Disabled'
  • 1.4 (L1) Ensure 'Allow queries to a Google time service' is set to 'Enabled'
  • 1.5 (L1) Ensure 'Allow the audio sandbox to run' is set to 'Enabled'
  • 1.6 (L1) Ensure 'Ask where to save each file before downloading' is set to 'Enabled'
  • 1.7 (L1) Ensure 'Continue running background apps when Google Chrome is closed' is set to 'Disabled'
  • 1.9 (L1) Ensure 'Determine the availability of variations' is set to 'Enable all variations'
  • 2.1.1 (L1) Ensure 'Update policy override' is set to 'Enabled' with 'Always allow updates (recommended)' or 'Automatic silent updates' specified
  • 2.1.2 (L1) Ensure 'Auto-update check period override' is set to any value except '0'
  • 2.10.1 (L1) Ensure 'Allow automatic sign-in to Microsoft cloud identity providers' Is Enabled
  • 2.11 (L1) Ensure 'Allow download restrictions' is set to 'Enabled: Block malicious downloads'
  • 2.13 (L1) Ensure 'Disable proceeding from the Safe Browsing warning page' is set to 'Enabled'
  • 2.14 (L1) Ensure 'Require Site Isolation for every site' is set to 'Enabled'
  • 2.16 (L1) Ensure 'Notify a user that a browser relaunch or device restart is recommended or required' is set to 'Enabled: Show a recurring prompt to the user indication that a relaunch is required'
  • 2.19 (L1) Ensure 'Set the time period for update notifications' is set to 'Enabled: 86400000'
  • 2.2.1 (L1) Ensure 'Control use of insecure content exceptions' is set to 'Enabled: Do not allow any site to load mixed content'
  • 2.2.5 (L1) Ensure 'Allow local file access to file:// URLs on these sites in the PDF Viewer' Is Disabled
  • 2.20 (L1) Ensure 'Allow Web Authentication requests on sites with broken TLS certificates' Is Disabled
  • 2.21 (L1) Ensure 'Allow reporting of domain reliability related data' Is Disabled
  • 2.22 (L1) Ensure 'Enable TLS Encrypted ClientHello' Is Enabled
  • 2.24 (L1) Ensure 'Keep browsing data when creating enterprise profile by default' Is Enabled
  • 2.25 (L1) Ensure 'Allow file or directory picker APIs to be called without prior user gesture' Is Disabled
  • 2.26 (L1) Ensure 'Enable Google Search Side Panel' Is Disabled
  • 2.27 (L1) Ensure 'Http Allowlist' Is Properly Configured
  • 2.28 (L1) Ensure 'Enable automatic HTTPS upgrades' Is Enabled
  • 2.29 (L1) Ensure 'Insecure Hashes in TLS Handshakes Enabled' Is Disabled
  • 2.3.1 (L1) Ensure 'Blocks external extensions from being installed' is set to 'Enabled'
  • 2.3.2 (L1) Ensure 'Configure allowed app/extension types' is set to 'Enabled: extension, hosted_app, platform_app, theme'
  • 2.3.3 (L1) Ensure 'Configure extension installation blocklist' is set to 'Enabled: *'
  • 2.3.5 (L1) Ensure 'Block third-party storage partitioning for these origins' Is Configured
  • 2.3.7 (L1) Ensure 'Control availability of extensions unpublished on the Chrome Web Store' Is Disabled
  • 2.30 (L1) Ensure 'Enable Renderer App Container' Is Enabled
  • 2.31 (L1) Ensure 'Enable strict MIME type checking for worker scripts' Is Enabled
  • 2.6.1 (L1) Ensure 'Enable saving passwords to the password manager' is Explicitly Configured
  • 2.7.1 (L1) Ensure 'Enable Google Cloud Print Proxy' is set to 'Disabled'
  • 2.8.2 (L1) Ensure 'Allow remote users to interact with elevated windows in remote assistance sessions' is set to 'Disabled'
  • 2.8.3 (L1) Ensure 'Configure the required domain names for remote access clients' is set to 'Enabled' with a domain defined
  • 2.8.4 (L1) Ensure 'Enable curtaining of remote access hosts' is set to 'Disabled'
  • 2.8.5 (L1) Ensure 'Enable firewall traversal from remote access host' is set to 'Disabled'
  • 2.8.6 (L1) Ensure 'Enable or disable PIN-less authentication for remote access hosts' is set to 'Disabled'
  • 2.8.7 (L1) Ensure 'Enable the use of relay servers by the remote access host' is set to 'Disabled'.
  • 2.9.1 (L1) Ensure 'Enable First-Party Sets' Is Disabled
  • 3.1.2 (L1) Ensure 'Default geolocation setting' is set to 'Enabled: Do not allow any site to track the users' physical location'
  • 3.10 (L1) Ensure 'Enable predict network actions` is set to 'Enabled: Do not predict actions on any network connection'
  • 3.11 (L1) Ensure 'Enable or disable spell checking web service' is set to 'Disabled'
  • 3.12 (L1) Ensure 'Enable reporting of usage and crash-related data' is set to 'Disabled'
  • 3.13 (L1) Ensure 'Enable Safe Browsing for trusted sources' is set to 'Disabled'
  • 3.16 (L1) Ensure 'Enable URL-keyed anonymized data collection' is set to 'Disabled'
  • 3.2.1 (L1) Ensure 'Enable Google Cast' is set to 'Disabled'
  • 3.3 (L1) Ensure 'Allow websites to query for available payment methods' is set to 'Disabled'
  • 3.4 (L1) Ensure 'Block third party cookies' is set to 'Enabled'
  • 3.6 (L1) Ensure 'Control how Chrome Cleanup reports data to Google' is set to 'Disabled'
  • 3.7 (L1) Ensure 'Disable synchronization of data with Google' is set to 'Enabled'
  • 3.8 (L1) Ensure 'Enable alternate error pages' is set to 'Disabled'
  • 3.9 (L1) Ensure 'Enable deleting browser and download history' is set to 'Disabled'
  • 4.10 (L1) Ensure 'Import saved passwords from default browser on first run' is set to 'Disabled'
  • 4.11 (L1) Ensure 'List of types that should be excluded from synchronization' is set to 'Enabled: passwords'
  • 4.2.3 (L1) Ensure 'Allow clipboard for these sites' Is Configured
  • 4.2.4 (L1) Ensure 'Block clipboard on these sites' Is Configured
  • 4.2.5 (L1) Ensure 'Default clipboard setting' Is 'Enabled' to 'Deny Permissions'
  • 4.6 (L1) Ensure 'Allow user feedback' is set to 'Disabled'
  • 4.9 (L1) Ensure 'Enable AutoFill for credit cards' is set to 'Disabled'
  • 5.3 (L1) Ensure 'Set disk cache size, in bytes' is set to 'Enabled: 250609664'
Removed
  • 1.1.1 Ensure 'Cross-origin HTTP Authentication prompts' is set to 'Disabled'
  • 1.10 Ensure 'Disable Certificate Transparency enforcement for a list of Legacy Certificate Authorities' is set to 'Disabled'
  • 1.11 Ensure 'Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes' is set to 'Disabled'
  • 1.12 Ensure 'Disable Certificate Transparency enforcement for a list of URLs' is set to 'Disabled'
  • 1.13 Ensure 'Disable saving browser history' is set to 'Disabled'
  • 1.14 Ensure 'DNS interception checks enabled' is set to 'Enabled'
  • 1.15 Ensure 'Enable component updates in Google Chrome' is set to 'Enabled'
  • 1.16 Ensure 'Enable globally scoped HTTP auth cache' is set to 'Disabled'
  • 1.17 Ensure 'Enable online OCSP/CRL checks' is set to 'Disabled'
  • 1.18 Ensure 'Enable security warnings for command-line flags' is set to 'Enabled'
  • 1.19 Ensure 'Enable third party software injection blocking' is set to 'Enabled'
  • 1.2.1 Ensure 'Configure the list of domains on which Safe Browsing will not trigger warnings' is set to 'Disabled'
  • 1.2.2 Ensure 'Safe Browsing Protection Level' is set to 'Enabled: Safe Browsing is active in the standard mode.' or higher
  • 1.20 Ensure 'Enables managed extensions to use the Enterprise Hardware Platform API' is set to 'Disabled'
  • 1.21 Ensure 'Ephemeral profile' is set to 'Disabled'
  • 1.22 Ensure 'Import autofill form data from default browser on first run' is set to 'Disabled'
  • 1.23 Ensure 'Import of homepage from default browser on first run' is set to 'Disabled'
  • 1.24 Ensure 'Import search engines from default browser on first run' is set to 'Disabled'
  • 1.25 Ensure 'List of names that will bypass the HSTS policy check' is set to 'Disabled'
  • 1.26 Ensure 'Origins or hostname patterns for which restrictions on insecure origins should not apply' is set to 'Disabled'
  • 1.27 Ensure 'Suppress lookalike domain warnings on domains' is set to 'Disabled'
  • 1.28 Ensure 'Suppress the unsupported OS warning' is set to 'Disabled'
  • 1.29 Ensure 'URLs for which local IPs are exposed in WebRTC ICE candidates' is set to 'Disabled'
  • 1.3 Ensure 'Allow Google Cast to connect to Cast devices on all IP addresses' is set to 'Disabled'
  • 1.4 Ensure 'Allow queries to a Google time service' is set to 'Enabled'
  • 1.5 Ensure 'Allow the audio sandbox to run' is set to 'Enabled'
  • 1.6 Ensure 'Ask where to save each file before downloading' is set to 'Enabled'
  • 1.7 Ensure 'Continue running background apps when Google Chrome is closed' is set to 'Disabled'
  • 1.9 Ensure 'Determine the availability of variations' is set to 'Enable all variations'
  • 2.1.1 Ensure 'Update policy override' is set to 'Enabled' with 'Always allow updates (recommended)' or 'Automatic silent updates' specified
  • 2.1.2 Ensure 'Auto-update check period override' is set to any value except '0'
  • 2.10.1 Ensure 'Allow automatic sign-in to Microsoft cloud identity providers' Is Enabled
  • 2.11 Ensure 'Allow download restrictions' is set to 'Enabled: Block malicious downloads'
  • 2.13 Ensure 'Disable proceeding from the Safe Browsing warning page' is set to 'Enabled'
  • 2.14 Ensure 'Require Site Isolation for every site' is set to 'Enabled'
  • 2.16 Ensure 'Notify a user that a browser relaunch or device restart is recommended or required' is set to 'Enabled: Show a recurring prompt to the user indication that a relaunch is required'
  • 2.17 Ensure 'Proxy settings' is set to 'Enabled' and does not contain 'ProxyMode': 'auto_detect'
  • 2.19 Ensure 'Set the time period for update notifications' is set to 'Enabled: 86400000'
  • 2.2.1 Ensure 'Control use of insecure content exceptions' is set to 'Enabled: Do not allow any site to load mixed content'
  • 2.2.5 Ensure 'Allow local file access to file:// URLs on these sites in the PDF Viewer' Is Disabled
  • 2.20 Ensure 'Allow Web Authentication requests on sites with broken TLS certificates' Is Disabled
  • 2.21 Ensure 'Allow reporting of domain reliability related data' Is Disabled
  • 2.22 Ensure 'Enable TLS Encrypted ClientHello' Is Enabled
  • 2.24 Ensure 'Keep browsing data when creating enterprise profile by default' Is Enabled
  • 2.25 Ensure 'Allow file or directory picker APIs to be called without prior user gesture' Is Disabled
  • 2.26 Ensure 'Enable Google Search Side Panel' Is Disabled
  • 2.27 Ensure 'Http Allowlist' Is Properly Configured
  • 2.28 Ensure 'Enable automatic HTTPS upgrades' Is Enabled
  • 2.29 Ensure 'Insecure Hashes in TLS Handshakes Enabled' Is Disabled
  • 2.3.1 Ensure 'Blocks external extensions from being installed' is set to 'Enabled'
  • 2.3.2 Ensure 'Configure allowed app/extension types' is set to 'Enabled: extension, hosted_app, platform_app, theme' - extension
  • 2.3.3 Ensure 'Configure extension installation blocklist' is set to 'Enabled: *'
  • 2.3.5 Ensure 'Block third-party storage partitioning for these origins' Is Configured
  • 2.3.7 Ensure 'Control availability of extensions unpublished on the Chrome Web Store' Is Disabled
  • 2.30 Ensure 'Enable Renderer App Container' Is Enabled
  • 2.31 Ensure 'Enable strict MIME type checking for worker scripts' Is Enabled
  • 2.6.1 Ensure 'Enable saving passwords to the password manager' is Explicitly Configured
  • 2.7.1 Ensure 'Enable Google Cloud Print Proxy' is set to 'Disabled'
  • 2.8.2 Ensure 'Allow remote users to interact with elevated windows in remote assistance sessions' is set to 'Disabled'
  • 2.8.3 Ensure 'Configure the required domain names for remote access clients' is set to 'Enabled' with a domain defined
  • 2.8.4 Ensure 'Enable curtaining of remote access hosts' is set to 'Disabled'
  • 2.8.5 Ensure 'Enable firewall traversal from remote access host' is set to 'Disabled'
  • 2.8.6 Ensure 'Enable or disable PIN-less authentication for remote access hosts' is set to 'Disabled'
  • 2.8.7 Ensure 'Enable the use of relay servers by the remote access host' is set to 'Disabled'.
  • 2.9.1 Ensure 'Enable First-Party Sets' Is Disabled
  • 3.1.2 Ensure 'Default geolocation setting' is set to 'Enabled: Do not allow any site to track the users' physical location'
  • 3.10 Ensure 'Enable predict network actions' is set to 'Enabled: Do not predict actions on any network connection'
  • 3.11 Ensure 'Enable or disable spell checking web service' is set to 'Disabled'
  • 3.12 Ensure 'Enable reporting of usage and crash-related data' is set to 'Disabled'
  • 3.13 Ensure 'Enable Safe Browsing for trusted sources' is set to 'Disabled'
  • 3.16 Ensure 'Enable URL-keyed anonymized data collection' is set to 'Disabled'
  • 3.2.1 Ensure 'Enable Google Cast' is set to 'Disabled'
  • 3.3 Ensure 'Allow websites to query for available payment methods' is set to 'Disabled'
  • 3.4 Ensure 'Block third party cookies' is set to 'Enabled'
  • 3.6 Ensure 'Control how Chrome Cleanup reports data to Google' is set to 'Disabled'
  • 3.7 Ensure 'Disable synchronization of data with Google' is set to 'Enabled'
  • 3.8 Ensure 'Enable alternate error pages' is set to 'Disabled'
  • 3.9 Ensure 'Enable deleting browser and download history' is set to 'Disabled'
  • 4.10 Ensure 'Import saved passwords from default browser on first run' is set to 'Disabled'
  • 4.11 Ensure 'List of types that should be excluded from synchronization' is set to 'Enabled: passwords'
  • 4.2.3 Ensure 'Allow clipboard for these sites' Is Configured
  • 4.2.4 Ensure 'Block clipboard on these sites' Is Configured
  • 4.2.5 Ensure 'Default clipboard setting' Is 'Enabled' to 'Deny Permissions'
  • 4.6 Ensure 'Allow user feedback' is set to 'Disabled'
  • 4.9 Ensure 'Enable AutoFill for credit cards' is set to 'Disabled'
  • 5.3 Ensure 'Set disk cache size, in bytes' is set to 'Enabled: 250609664'