
Introduction

This document gives information, with examples, on how to establish a secure configuration for Google Chrome. By following these recommendations we can harden the browser and protect it from threats.

Recommendations

1. Enforced Defaults

The recommendations in this section are already configured by default when Google Chrome is installed. Enforcing them through policy prevents the setting from being changed to a less secure option.

  • Remote Access
  • E.g   Ensure ‘Enable curtaining of remote access hosts’ is set to ‘Disabled’

Description: 

Chrome allows controls to prevent someone physically present at the host machine from seeing what a user is doing while a remote connection is in progress.

Audit:

Navigate to the UI path articulated in the Remediation section and confirm it is set as prescribed. This group policy setting is backed by the following registry location:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome:RemoteAccessHostRequireCurtain

Remediation:

To establish the recommended configuration via group policy, set the following path to ‘Disabled’:

Computer Configuration\Administrative Templates\Google\Google Chrome\Configure remote access options\Enable curtaining of remote access host

  • E.g   Ensure ‘Continue running background apps when Google Chrome is closed’ is set to ‘Disabled’

Description: 

Chrome allows for processes started while the browser is open to remain running once the browser has been closed.

Audit:

Navigate to the UI path articulated in the Remediation section and confirm it is set as prescribed. This group policy setting is backed by the following registry location:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome:BackgroundModeEnabled

Remediation:

To establish the recommended configuration via group policy, set the following UI path to ‘Disabled’:

Computer Configuration\Administrative Templates\Google\Google Chrome\Continue running background apps when Google Chrome is closed 

2. Attack Surface Reduction

Using these recommendations we can reduce the browser's overall attack surface.

  • E.g   Ensure ‘Default flash setting’ is set to ‘Enabled’ 

Description: 

Malicious plugins can cause browser instability and erratic behaviour, so setting the value to ‘click to play’ allows a user to run only the plugins that are necessary.

Audit:

Navigate to the UI path articulated in the Remediation section and confirm it is set as prescribed. This group policy setting is backed by the following registry location:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome:DefaultPluginsSetting

Remediation:

To establish the recommended configuration via group policy, set the following UI path to ‘Enabled’ with ‘Click to play’ selected from the dropdown:

Computer Configuration\Administrative Templates\Google\Google Chrome\Content Settings\Default Flash Setting

In a similar way, the other options in this section can be set to Enabled or Disabled as the recommendations prescribe.

3. Services

User privacy can be improved using these recommendations.

  • E.g   Confirm ‘Default cookies setting’ is set to ‘Enabled’ 

Description: 

Permanently stored cookies may be used for malicious intent. 

Audit:

Navigate to the UI path articulated in the Remediation section and confirm it is set as prescribed. This group policy setting is backed by the following registry location:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome:DefaultCookiesSetting

Remediation:

To establish the recommended configuration via group policy, set the following UI path to ‘Enabled’ with ‘Cookies from the duration of the session’ selected from the dropdown:

Computer Configuration\Administrative Templates\Google\Google Chrome\Content Settings\Default Cookies Setting

Similarly, the other options in this section can be set to Enabled or Disabled as the recommendations prescribe.

4. Management/Visibility/Performance

These recommendations relate to the management, visibility and performance of Google Chrome.

  • Remote Access

These recommendations are related to Remote Access.

  • E.g   Ensure ‘Enable firewall traversal from remote access host’ is set to ‘Disabled’ 

Description: 

By disabling this feature, the machine will only allow connections from machines within the local network.

Audit:

Navigate to the UI path articulated in the Remediation section and confirm it is set as prescribed. This group policy setting is backed by the following registry location:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome:RemoteAccessHostFirewallTraversal

Remediation:

To establish the recommended configuration via group policy, set the following UI path to ‘Disabled’:

Computer Configuration\Administrative Templates\Google\Google Chrome\Configure remote access options\Enable firewall traversal from remote access host

In a similar way, the other options in this section can be set to Enabled or Disabled as the recommendations prescribe.

5. Data Loss Prevention

Using these recommendations we can prevent and protect against unwanted loss of data.

  • E.g   Ensure ‘Enable submission of documents to Google Cloud print’ is set to ‘Disabled’ 

Description: 

This setting allows Google Chrome to submit documents to Google Cloud Print for printing.

Audit:

Navigate to the UI path articulated in the Remediation section and confirm it is set as prescribed. This group policy setting is backed by the following registry location:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome:CloudPrintSubmitEnabled

Remediation:

To establish the recommended configuration via group policy, set the following UI path to ‘Disabled’:

Computer Configuration\Administrative Templates\Google\Google Chrome\Printing\Enable submission of documents to Google Cloud print

In a similar way, the other options in this section can be set to Enabled or Disabled as the recommendations prescribe.
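Each Audit step above checks a value under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome. The following PowerShell script is an added example (not part of the original post or of the CIS Benchmark) that audits all six policy values discussed in this post in one pass. The numeric values it expects are assumptions taken from Chrome's policy documentation: boolean policies use 0 = Disabled and 1 = Enabled, DefaultPluginsSetting 3 = Click to play, and DefaultCookiesSetting 4 = keep cookies for the duration of the session.

```powershell
# Added example: audit the Chrome policy registry values named in this post.
# Assumed encodings (from Chrome policy documentation): booleans 0/1,
# DefaultPluginsSetting 3 = Click to play, DefaultCookiesSetting 4 = Session only.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Google\Chrome'

$Expected = [ordered]@{
    RemoteAccessHostRequireCurtain    = 0  # 1. Enforced Defaults
    BackgroundModeEnabled             = 0  # 1. Enforced Defaults
    DefaultPluginsSetting             = 3  # 2. Attack Surface Reduction
    DefaultCookiesSetting             = 4  # 3. Services
    RemoteAccessHostFirewallTraversal = 0  # 4. Management/Visibility/Performance
    CloudPrintSubmitEnabled           = 0  # 5. Data Loss Prevention
}

function Test-ChromePolicy {
    param(
        [string]$Key = $PolicyKey,
        [System.Collections.IDictionary]$Rules = $Expected
    )
    $keyExists = Test-Path -Path $Key
    foreach ($name in $Rules.Keys) {
        $actual = $null
        if ($keyExists) {
            # -ErrorAction SilentlyContinue: a missing value is a finding, not an error
            $item = Get-ItemProperty -Path $Key -Name $name -ErrorAction SilentlyContinue
            if ($null -ne $item) { $actual = $item.$name }
        }
        # NOT SET means no policy is enforced: the browser default applies and a
        # user can change it, which is exactly what "Enforced Defaults" is meant to prevent.
        $status = if ($null -eq $actual) { 'NOT SET' }
                  elseif ([int]$actual -eq $Rules[$name]) { 'PASS' }
                  else { 'FAIL' }
        [pscustomobject]@{
            Policy   = $name
            Expected = $Rules[$name]
            Actual   = $actual
            Status   = $status
        }
    }
}

Test-ChromePolicy | Format-Table -AutoSize
```

Run it on the audited machine after the group policy has been applied; any row other than PASS should be traced back to the corresponding Remediation step.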

Conclusion

We can secure web browsers like Google Chrome and protect them from threats such as cyberattacks by following the CIS Benchmarks.

akshay-shende

QA Intern