3.5 (L2) Ensure 'Browser sign in settings' is set to 'Enabled: Disabled browser sign-in'

Information

Google Chrome offers to sign in with your Google account and use account-related services like Chrome sync. It is possible to sign in to Google Chrome with a Google account to use services like synchronization, and can also be used for configuration and management of the browser.

- Disable browser sign-in (0)
- Enable browser sign-in (1)
- Force users to sign-in to use the browser (2)

The recommended state for this setting is: Enabled with a value of Disable browser sign-in (0)

NOTE: If an organization is a Google Workspace Enterprise customer, they will want to leave this setting enabled so that users can sign in with Google accounts.

Since external accounts are unmanaged and potentially used to access several private computer systems and many different websites, connecting accounts via sign-in poses a security risk for the company. It interferes with the corporate management mechanisms, as well as permits an unwanted leak of corporate information and possible mixture with private, non-company data.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to Enabled: Disable browser sign-in

Computer Configuration\Administrative Templates\Google\Google Chrome\Browser sign in settings

Impact:

If this setting is configured, the user cannot sign in to the browser and use Google account-based services like Chrome sync.

See Also

https://workbench.cisecurity.org/benchmarks/8691

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-8, CSCv7|4.8

Plugin: Windows

Control ID: 04c5f03a5509a904118c80d6390427df44ec2699a5501617943b7ee4f9959cc3