Checklist Summary:

The Google Chrome Browser Security Technical Implementation Guide (STIG) for Windows provides the technical security policies, requirements, and implementation details for applying security concepts to the current version of the Google Chrome web browser for Windows. This document and associated STIG are written to address security concerns with version 33 of the Google Chrome Browser and newer, and will be updated as new security concerns are released. The STIG is updated independently of the browser and will never be tied to a specific version of the software due in part to the rapid release cycle of Google, and that not all updates come with new security requirements. The SRG relationship and structure provides the ability to identify requirements that may be considered not applicable for a given technology family and provide appropriate justification. It also provides the structure to identify variations in specific values based on the technology family. These variations will be captured once and will propagate down to the Technology SRGs and then to the STIGs. This will eliminate the need for each product-specific STIG to address items that are not applicable.

Checklist Role:

• Web Browser

Known Issues:

Not Provided

Target Audience:

Not Provided

Target Operational Environment:

• Managed
• Specialized Security-Limited Functionality (SSLF)

Testing Information:

Although there are a few different operating system platforms for desktop environments, this document addresses Google Chrome running on Microsoft Windows platforms only. This document does not include specific guidance for UNIX, Linux, or Apple desktop environments at this time.

Regulatory Compliance:

DoD Instruction (DoDI) 8500.01

Comments/Warnings/Miscellaneous:

Comments or proposed revisions to this document should be sent via e-mail to the following address: [email protected]. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.

Disclaimer:

Not Provided

Product Support:

Not Provided.

Point of Contact:

[email protected]

Sponsor:

Not Provided

Licensing:

Not Provided

Change History:

Version 1, Release 2 - 25 July 2014
Version 1, Release 1 - 15 April 2014
Version 1, Release 3 - 27 October 2015
Changed status from "Under Review" to "Final" - 03 December 2015
4/27/2016 - version 1 release 4
moved to FINAL - 6/7/2016
updated to v1, r5 - 7/22/2016
Moved to FINAL - 09/08/2016
Updated STIG to V1, R6 - 10-28-2016
updated to FINAL - 12/07/2016
Updated to v1, r7 - 12/13/2016
Move to FINAL - 1/19/2017
Updated to v1. r8 - 04/24/2017
Updated benchmark - 04/28/2017
Updated to FINAL - 05/30/2017
null
Updated - V1, R 9 - 07/28/2017
null
updated checklist - 11/01/2017
Updated to FINAL - 11/27/2017
updated to v1,r11 - 02/16/2018
Updated to FINAL - 3/18/2018
updated to v1,r12 - 4/25/18
Updated to FINAL - 5/25/18
updated benchmark - 7/24/18
Added GPOs - 8/6/18
Updated to FINAL - 9/6/2018
Updated to Version 1, Release 13 - 10/25/2018
Updated to FINAL - 11/26/18
Updated to Version 1, Release 14 - 11/29/2018
Corrected SHA for GPO file - 12/19/2018
Updated to v1,r15 - 1/22/19
updated GPO file - 2/8/19
Corrected SHA - 2/19/19
Status Updated to FINAL - 3/19/19
Updated URLs - 6/6/19
Updated URLs - 8/9/19
Updated GPO file - 10/31/19
updated URLs - 11/1/19
updated URLs per DISA - 1/21/2020
Updated GPO file per DISA - 1/29/2020
Updated GPO file per DISA - 2/3/2020
updated GPO file - 3/6/2020
updated resource title per DISA - 3/12/2020
Updated GPO file per DISA - 4/27/2020
updated GPO file per DISA - 7/7/2020
updated URLs - 8/3/2020
Updated URL per DISA - 10/28/20
Updated GPO - 12/4/2020
Updated resources per DISA - 1/26/21
Updated GPO per DISA - 1/28/21
Updated GPO per DISA - 3/1/21
added SCC links per DISA guidance - 4/20/2021
updated URLs per DISA - 4/28/2021
Updated GPO per DISA - 5/12/21
updated SCC content - 5/27/2021
updated URLs - 7/28/2021
Updated GPO - 8/9/21
null
Updated GPO per DISA - 8/24/21
updated SCC tool per DISA - 9/16/2021
updated GPO files - 11/22/2021
updated URLs - 1/26/2022
Updated GPO per DISA - 2/17/22
updated URLs - 4/27/2022
Updated GPO per DISA - 5/2/22
updated SHA - 5/3/2022
Updated resources per DISA - 5/29/22
null
Updated SCC per DISA - 6/14/22
Updated GPO per DISA - 8/1/22
null
SCC - 10/13/22
Updated resource per DISA - 10/26/22
updated GPO file - 11/7/22
updated URLs per DISA - 1/17/2023
updated GPO file - 1/31/2023
updated SCC content - 2/3/2023
 updated SCC content - 3/9/2023
Updated GPO per DISA - 5/1/23
updated SCC content - 6/22/23
updated SHA - 7/27/23
Updated GPO per DISA - 7/31/23
Updated GPO per DISA - 8/21/23
Updated SCC per DISA - 9/21/23
Updated GPO per DISA - 11/2/23
Corrected SHA discrepancy - 11/3/2023
updated URLs - 1/26/24
SHA - 2/7/24
Updated SCC Resources - 4/19/24
Updated Resources - 06/10/2024
Resource updated - 08/27/2024
Resources and Title Updated - 11/04/2024
SHA Updated - 11/08/2024
Updated SCC and GPO Resources - 12/09/24
Updated GPO Resource - 02/06/2025
Updated Resource - 03/31/2025
Updated GPOs - 04/30/2025
Added Intune Policies - 05/08/2025
Updated Version and Resources - 08/29/2025
Update Resources and GPOs - 08/29/2025
Update Resources, Product Version, General - 11/18/2025

Dependency/Requirements:

URL	Description

References:

Reference URL	Description

NIST checklist record last modified on 11/18/2025