DTBC-0021 - The URL protocol schema javascript must be disabled.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Each access to a URL is handled by the browser according to the URL's 'scheme'. The 'scheme' of a URL is the section before the ':'. The term 'protocol' is often mistakenly used for a 'scheme'. The difference is that the scheme is how the browser handles a URL and the protocol is how the browser communicates with a service. If a scheme or its associated protocol used by a browser is insecure or obsolete, vulnerabilities can be exploited resulting in exposed data or unrestricted access to the browser's system. The browser must be configured to disable the use of insecure and obsolete schemas (protocols).
This policy disables the listed protocol schemes in Google Chrome, URLs using a scheme from this list will not load and cannot be navigated to. If this policy is left not set or the list is empty all schemes will be accessible in Google Chrome.

Solution

Windows group policy:
1. Open the group policy editor tool with gpedit.msc.
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\
Policy Name: Block access to a list of URLs.
- Policy State: Enabled
- Policy Value 1: javascript://*

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Google_Chrome_V2R8_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000381, Rule-ID|SV-221572r754415_rule, STIG-ID|DTBC-0021, STIG-Legacy|SV-57595, STIG-Legacy|V-44761, Vuln-ID|V-221572

Plugin: Windows

Control ID: 4bff6888884ce8406ca4300b99928162449c1ccb13ddec92485971dc7593c4fa