Google Chrome Browser STIG for Windows Version 2, Release 10 Checklist Details (Checklist Revisions)
SCAP 1.3 Content:
-
Download SCAP 1.3 Content - Google Chrome STIG Benchmark - Ver 2, Rel 10
- Author: Defense Information Systems Agency
Supporting Resources:
-
Download Standalone XCCDF 1.1.4 - Google Chrome STIG - Ver 2, Rel 10
- Defense Information Systems Agency
-
Download GPOs - Group Policy Objects (GPOs) - October 2024
- Defense Information Systems Agency
-
Download Automated Content - SCC 5.10.1 Windows
- Defense Information Systems Agency
Target:
Target | CPE Name |
---|---|
Google Chrome 33 | cpe:/a:google:chrome:33.0 (View CVEs) |
Checklist Highlights
- Checklist Name:
- Google Chrome Browser STIG for Windows
- Checklist ID:
- 483
- Version:
- Version 2, Release 10
- Type:
- Compliance
- Review Status:
- Final
- Authority:
- Governmental Authority: Defense Information Systems Agency
- Original Publication Date:
- 07/28/2017
Checklist Summary:
The web browser application addressed in this document, utilizes mobile code and Public Key Infrastructure (PKI) technologies to enable some of their features. The requirements described in this document are designed to implement the applicable Department of Defense (DoD) polices for those technologies. These policies are described in the Use of Mobile Code Technologies in Department of Defense (DoD) Information Systems (later referred to as the DoD Mobile Code Policy) and the Department of Defense Instruction, “Department of Defense (DoD) Public Key Infrastructure (PKI) and Public Key (PK) Enabling documents, as referenced in Appendix B, Related Publications. The requirements and recommendations set forth in this document will assist IAOs and Information Assurance Managers (IAMs) in protecting web browser applications in DoD locations hereafter referred to as sites. The responsible Configuration Control Board (CCB) will approve revisions to site systems that could have a security impact. Therefore, before implementing web browser application security measures, the IAO will submit a change notice to the CCB for review and approval. Although there are a few different operating system platforms for desktop environments, this document addresses Google Chrome running on Microsoft Windows platforms only. This document does not include specific guidance for UNIX, Linux, or Apple desktop environments at this time. This document is based on Google Chrome Browser installation within the Windows family of operating system. This document, and associated STIG, has set forth requirements based upon having a secured Windows environment as described in various other documents. The superset of these requirements can be found in the appropriate Windows STIG, which is also available from the IASE web site. Failure to follow these requirements can significantly diminish the value of many of the specifications in this document. Security controls that are managed through the underlying operating system platform directly affect the strength of the security that surrounds desktop applications.
Checklist Role:
- Web Browser
Known Issues:
Not Provided
Target Audience:
The requirements and recommendations set forth in this document will assist IAOs and Information Assurance Managers (IAMs) in protecting web browser applications in DoD locations hereafter referred to as sites. The responsible Configuration Control Board (CCB) will approve revisions to site systems that could have a security impact. Therefore, before implementing web browser application security measures, the IAO will submit a change notice to the CCB for review and approval.
Target Operational Environment:
- Managed
- Specialized Security-Limited Functionality (SSLF)
Testing Information:
Although there are a few different operating system platforms for desktop environments, this document addresses Google Chrome running on Microsoft Windows platforms only. This document does not include specific guidance for UNIX, Linux, or Apple desktop environments at this time.
Regulatory Compliance:
DoD Directive 8500.1 and DoD Directive 8500.2
Comments/Warnings/Miscellaneous:
Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.
Disclaimer:
Not Provided
Product Support:
Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.
Point of Contact:
Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.
Sponsor:
Not Provided
Licensing:
Not Provided
Change History:
Version 1, Release 2 - 25 July 2014 Version 1, Release 1 - 15 April 2014 Version 1, Release 3 - 27 October 2015 Changed status from "Under Review" to "Final" - 03 December 2015 4/27/2016 - version 1 release 4 moved to FINAL - 6/7/2016 updated to v1, r5 - 7/22/2016 Moved to FINAL - 09/08/2016 Updated STIG to V1, R6 - 10-28-2016 updated to FINAL - 12/07/2016 Updated to v1, r7 - 12/13/2016 Move to FINAL - 1/19/2017 Updated to v1. r8 - 04/24/2017 Updated benchmark - 04/28/2017 Updated to FINAL - 05/30/2017 null Updated - V1, R 9 - 07/28/2017 null updated checklist - 11/01/2017 Updated to FINAL - 11/27/2017 updated to v1,r11 - 02/16/2018 Updated to FINAL - 3/18/2018 updated to v1,r12 - 4/25/18 Updated to FINAL - 5/25/18 updated benchmark - 7/24/18 Added GPOs - 8/6/18 Updated to FINAL - 9/6/2018 Updated to Version 1, Release 13 - 10/25/2018 Updated to FINAL - 11/26/18 Updated to Version 1, Release 14 - 11/29/2018 Corrected SHA for GPO file - 12/19/2018 Updated to v1,r15 - 1/22/19 updated GPO file - 2/8/19 Corrected SHA - 2/19/19 Status Updated to FINAL - 3/19/19 Updated URLs - 6/6/19 Updated URLs - 8/9/19 Updated GPO file - 10/31/19 updated URLs - 11/1/19 updated URLs per DISA - 1/21/2020 Updated GPO file per DISA - 1/29/2020 Updated GPO file per DISA - 2/3/2020 updated GPO file - 3/6/2020 updated resource title per DISA - 3/12/2020 Updated GPO file per DISA - 4/27/2020 updated GPO file per DISA - 7/7/2020 updated URLs - 8/3/2020 Updated URL per DISA - 10/28/20 Updated GPO - 12/4/2020 Updated resources per DISA - 1/26/21 Updated GPO per DISA - 1/28/21 Updated GPO per DISA - 3/1/21 added SCC links per DISA guidance - 4/20/2021 updated URLs per DISA - 4/28/2021 Updated GPO per DISA - 5/12/21 updated SCC content - 5/27/2021 updated URLs - 7/28/2021 Updated GPO - 8/9/21 null Updated GPO per DISA - 8/24/21 updated SCC tool per DISA - 9/16/2021 updated GPO files - 11/22/2021 updated URLs - 1/26/2022 Updated GPO per DISA - 2/17/22 updated URLs - 4/27/2022 Updated GPO per DISA - 5/2/22 updated SHA - 5/3/2022 Updated resources per DISA - 5/29/22 null Updated SCC per DISA - 6/14/22 Updated GPO per DISA - 8/1/22 null SCC - 10/13/22 Updated resource per DISA - 10/26/22 updated GPO file - 11/7/22 updated URLs per DISA - 1/17/2023 updated GPO file - 1/31/2023 updated SCC content - 2/3/2023 updated SCC content - 3/9/2023 Updated GPO per DISA - 5/1/23 updated SCC content - 6/22/23 updated SHA - 7/27/23 Updated GPO per DISA - 7/31/23 Updated GPO per DISA - 8/21/23 Updated SCC per DISA - 9/21/23 Updated GPO per DISA - 11/2/23 Corrected SHA discrepancy - 11/3/2023 updated URLs - 1/26/24 SHA - 2/7/24 Updated SCC Resources - 4/19/24 Updated Resources - 06/10/2024 Resource updated - 08/27/2024 Resources and Title Updated - 11/04/2024 SHA Updated - 11/08/2024 Updated SCC and GPO Resources - 12/09/24
Dependency/Requirements:
URL | Description |
---|
References:
Reference URL | Description |
---|