U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Checklist Program

National Checklist Program

NCP

  1. Checklist Repository

Google Chrome Browser STIG for Windows Version 2, Release 9 Checklist Details (Checklist Revisions)

SCAP 1.2 Content:

Supporting Resources:

Target:

Target CPE Name
Google Chrome 33 cpe:/a:google:chrome:33.0 (View CVEs)

Checklist Highlights

Checklist Name:
Google Chrome Browser STIG for Windows
Checklist ID:
483
Version:
Version 2, Release 9
Type:
Compliance
Review Status:
Final
Authority:
Governmental Authority: Defense Information Systems Agency
Original Publication Date:
07/28/2017

Checklist Summary:

The web browser application addressed in this document, utilizes mobile code and Public Key Infrastructure (PKI) technologies to enable some of their features. The requirements described in this document are designed to implement the applicable Department of Defense (DoD) polices for those technologies. These policies are described in the Use of Mobile Code Technologies in Department of Defense (DoD) Information Systems (later referred to as the DoD Mobile Code Policy) and the Department of Defense Instruction, “Department of Defense (DoD) Public Key Infrastructure (PKI) and Public Key (PK) Enabling documents, as referenced in Appendix B, Related Publications. The requirements and recommendations set forth in this document will assist IAOs and Information Assurance Managers (IAMs) in protecting web browser applications in DoD locations hereafter referred to as sites. The responsible Configuration Control Board (CCB) will approve revisions to site systems that could have a security impact. Therefore, before implementing web browser application security measures, the IAO will submit a change notice to the CCB for review and approval. Although there are a few different operating system platforms for desktop environments, this document addresses Google Chrome running on Microsoft Windows platforms only. This document does not include specific guidance for UNIX, Linux, or Apple desktop environments at this time. This document is based on Google Chrome Browser installation within the Windows family of operating system. This document, and associated STIG, has set forth requirements based upon having a secured Windows environment as described in various other documents. The superset of these requirements can be found in the appropriate Windows STIG, which is also available from the IASE web site. Failure to follow these requirements can significantly diminish the value of many of the specifications in this document. Security controls that are managed through the underlying operating system platform directly affect the strength of the security that surrounds desktop applications.

Checklist Role:

  • Web Browser

Known Issues:

Not Provided

Target Audience:

The requirements and recommendations set forth in this document will assist IAOs and Information Assurance Managers (IAMs) in protecting web browser applications in DoD locations hereafter referred to as sites. The responsible Configuration Control Board (CCB) will approve revisions to site systems that could have a security impact. Therefore, before implementing web browser application security measures, the IAO will submit a change notice to the CCB for review and approval.

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

Although there are a few different operating system platforms for desktop environments, this document addresses Google Chrome running on Microsoft Windows platforms only. This document does not include specific guidance for UNIX, Linux, or Apple desktop environments at this time.

Regulatory Compliance:

DoD Directive 8500.1 and DoD Directive 8500.2

Comments/Warnings/Miscellaneous:

Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.

Disclaimer:

Not Provided

Product Support:

Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.

Point of Contact:

Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.

Sponsor:

Not Provided

Licensing:

Not Provided

Change History: 

Version 1, Release 2 - 25 July 2014
Version 1, Release 1 - 15 April 2014
Version 1, Release 3 - 27 October 2015
Changed status from "Under Review" to "Final" - 03 December 2015
4/27/2016 - version 1 release 4
moved to FINAL - 6/7/2016
updated to v1, r5 - 7/22/2016
Moved to FINAL - 09/08/2016
Updated STIG to V1, R6 - 10-28-2016
updated to FINAL - 12/07/2016
Updated to v1, r7 - 12/13/2016
Move to FINAL - 1/19/2017
Updated to v1. r8 - 04/24/2017
Updated benchmark - 04/28/2017
Updated to FINAL - 05/30/2017
null
Updated - V1, R 9 - 07/28/2017
null
updated checklist - 11/01/2017
Updated to FINAL - 11/27/2017
updated to v1,r11 - 02/16/2018
Updated to FINAL - 3/18/2018
updated to v1,r12 - 4/25/18
Updated to FINAL - 5/25/18
updated benchmark - 7/24/18
Added GPOs - 8/6/18
Updated to FINAL - 9/6/2018
Updated to Version 1, Release 13 - 10/25/2018
Updated to FINAL - 11/26/18
Updated to Version 1, Release 14 - 11/29/2018
Corrected SHA for GPO file - 12/19/2018
Updated to v1,r15 - 1/22/19
updated GPO file - 2/8/19
Corrected SHA - 2/19/19
Status Updated to FINAL - 3/19/19
Updated URLs - 6/6/19
Updated URLs - 8/9/19
Updated GPO file - 10/31/19
updated URLs - 11/1/19
updated URLs per DISA - 1/21/2020
Updated GPO file per DISA - 1/29/2020
Updated GPO file per DISA - 2/3/2020
updated GPO file - 3/6/2020
updated resource title per DISA - 3/12/2020
Updated GPO file per DISA - 4/27/2020
updated GPO file per DISA - 7/7/2020
updated URLs - 8/3/2020
Updated URL per DISA - 10/28/20
Updated GPO - 12/4/2020
Updated resources per DISA - 1/26/21
Updated GPO per DISA - 1/28/21
Updated GPO per DISA - 3/1/21
added SCC links per DISA guidance - 4/20/2021
updated URLs per DISA - 4/28/2021
Updated GPO per DISA - 5/12/21
updated SCC content - 5/27/2021
updated URLs - 7/28/2021
Updated GPO - 8/9/21
null
Updated GPO per DISA - 8/24/21
updated SCC tool per DISA - 9/16/2021
updated GPO files - 11/22/2021
updated URLs - 1/26/2022
Updated GPO per DISA - 2/17/22
updated URLs - 4/27/2022
Updated GPO per DISA - 5/2/22
updated SHA - 5/3/2022
Updated resources per DISA - 5/29/22
null
Updated SCC per DISA - 6/14/22
Updated GPO per DISA - 8/1/22
null
SCC - 10/13/22
Updated resource per DISA - 10/26/22
updated GPO file - 11/7/22
updated URLs per DISA - 1/17/2023
updated GPO file - 1/31/2023
updated SCC content - 2/3/2023
 updated SCC content - 3/9/2023
Updated GPO per DISA - 5/1/23
updated SCC content - 6/22/23
updated SHA - 7/27/23
Updated GPO per DISA - 7/31/23
Updated GPO per DISA - 8/21/23
Updated SCC per DISA - 9/21/23
Updated GPO per DISA - 11/2/23
Corrected SHA discrepancy - 11/3/2023
updated URLs - 1/26/24
SHA - 2/7/24
Updated SCC Resources - 4/19/24

Dependency/Requirements:

URL Description

References:

Reference URL Description

NIST checklist record last modified on 04/19/2024