DTBC-0005 - Extensions installation must be blocklisted by default.

Information

Extensions are developed by third party sources and are designed to extend Google Chrome's functionality. An extension can be made by anyone, to do and access almost anything on a system; this means they pose a high risk to any system that would allow all extensions to be installed by default. Allows you to specify which extensions the users can NOT install. Extensions already installed will be removed if blocklisted. A blocklist value of '*' means all extensions are blocklisted unless they are explicitly listed in the allowlist. If this policy is left not set the user can install any extension in Google Chrome.

Solution

Windows group policy:
1. Open the group policy editor tool with gpedit.msc
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Extensions\
Policy Name: Configure extension installation blocklist
Policy State: Enabled
Policy Value: *

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Google_Chrome_V2R6_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12a., CAT|II, CCI|CCI-000169, Rule-ID|SV-221562r684815_rule, STIG-ID|DTBC-0005, STIG-Legacy|SV-57561, STIG-Legacy|V-44727, Vuln-ID|V-221562

Plugin: Windows

Control ID: d771be0444d38817fb734604b19a835f4c08a6f0624dc983c8551be95e9e6912