2.23 (L2) Ensure 'Enable AutoFill for addresses' is set to 'Disabled'

Information

Chrome allows users to auto-complete web forms with saved information such as address or phone number. Disabling this feature will prompt a user to enter all information manually.

The recommended state for this setting is: Disabled (0)

If an attacker gains access to a user's machine where the user has stored address AutoFill data, information could be harvested.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to Disabled :

Computer Configuration\Administrative Templates\Google\Google Chrome\Enable AutoFill for addresses

Impact:

If this setting is disabled, AutoFill will be inaccessible to users.

See Also

https://workbench.cisecurity.org/benchmarks/16430

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-8, CSCv7|4.8

Plugin: Windows

Control ID: 5f73254d5dc030de9d32e872e066826e2cd8f633f2e9009bd60229d61f136ab8