National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Google Chrome Browser STIG for Windows Version 1, Release 11 Checklist Details (Checklist Revisions)

SCAP 1.2 Content:

Supporting Resources:

Target:

Target CPE Name Product Category
Google Chrome 24.0.1272.0 cpe:/a:google:chrome:24.0.1272.0 (View CVEs)
  • Web Browser
Google Chrome 23.0.1271.0 cpe:/a:google:chrome:23.0.1271.0 (View CVEs)
  • Web Browser

Checklist Highlights

Checklist Name:
Google Chrome Browser STIG for Windows
Checklist ID:
483
Version:
Version 1, Release 11
Type:
Compliance
Review Status:
Under Review
Authority:
Governmental Authority: Defense Information Systems Agency
Original Publication Date:
07/28/2017
Checklist Group:
View

Checklist Summary:

The web browser application addressed in this document, utilizes mobile code and Public Key Infrastructure (PKI) technologies to enable some of their features. The requirements described in this document are designed to implement the applicable Department of Defense (DoD) polices for those technologies. These policies are described in the Use of Mobile Code Technologies in Department of Defense (DoD) Information Systems (later referred to as the DoD Mobile Code Policy) and the Department of Defense Instruction, “Department of Defense (DoD) Public Key Infrastructure (PKI) and Public Key (PK) Enabling documents, as referenced in Appendix B, Related Publications. The requirements and recommendations set forth in this document will assist IAOs and Information Assurance Managers (IAMs) in protecting web browser applications in DoD locations hereafter referred to as sites. The responsible Configuration Control Board (CCB) will approve revisions to site systems that could have a security impact. Therefore, before implementing web browser application security measures, the IAO will submit a change notice to the CCB for review and approval. Although there are a few different operating system platforms for desktop environments, this document addresses Google Chrome running on Microsoft Windows platforms only. This document does not include specific guidance for UNIX, Linux, or Apple desktop environments at this time. This document is based on Google Chrome Browser installation within the Windows family of operating system. This document, and associated STIG, has set forth requirements based upon having a secured Windows environment as described in various other documents. The superset of these requirements can be found in the appropriate Windows STIG, which is also available from the IASE web site. Failure to follow these requirements can significantly diminish the value of many of the specifications in this document. Security controls that are managed through the underlying operating system platform directly affect the strength of the security that surrounds desktop applications.

Checklist Role:

  • Web Browser

Known Issues:

Not Provided

Target Audience:

The requirements and recommendations set forth in this document will assist IAOs and Information Assurance Managers (IAMs) in protecting web browser applications in DoD locations hereafter referred to as sites. The responsible Configuration Control Board (CCB) will approve revisions to site systems that could have a security impact. Therefore, before implementing web browser application security measures, the IAO will submit a change notice to the CCB for review and approval.

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

Although there are a few different operating system platforms for desktop environments, this document addresses Google Chrome running on Microsoft Windows platforms only. This document does not include specific guidance for UNIX, Linux, or Apple desktop environments at this time.

Regulatory Compliance:

DoD Directive 8500.1 and DoD Directive 8500.2

Comments/Warnings/Miscellaneous:

Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.

Disclaimer:

Not Provided

Product Support:

Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.

Point of Contact:

Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.

Sponsor:

Not Provided

Licensing:

Not Provided

Change History:

Version 1, Release 2 - 25 July 2014
Version 1, Release 1 - 15 April 2014
Version 1, Release 3 - 27 October 2015
Changed status from "Under Review" to "Final" - 03 December 2015
4/27/2016 - version 1 release 4
moved to FINAL - 6/7/2016
updated to v1, r5 - 7/22/2016
Moved to FINAL - 09/08/2016
Updated STIG to V1, R6 - 10-28-2016
updated to FINAL - 12/07/2016
Updated to v1, r7 - 12/13/2016
Move to FINAL - 1/19/2017
Updated to v1. r8 - 04/24/2017
Updated benchmark - 04/28/2017
Updated to FINAL - 05/30/2017
null
Updated - V1, R 9 - 07/28/2017
null
updated checklist - 11/01/2017
Updated to FINAL - 11/27/2017
updated to v1,r11 - 02/16/2018

Dependency/Requirements:

References:

Reference URL Description

NIST checklist record last modified on 02/18/2018


* This checklist is still undergoing review for inclusion into the NCP.