2.16 Ensure 'Proxy settings' is set to 'Enabled' and does not contain 'ProxyMode': 'auto_detect'

Information

Google Chrome offers the functionality to configure the proxy settings by automatic discovery using WPAD (Web Proxy Auto-Discovery Protocol). Setting this configures the proxy settings for Chrome and ARC-apps, which ignore all proxy-related options specified from the command line.

Disabled (0): Lets users choose their proxy settings.

The recommended state for this setting is: Enabled and the value of ProxyMode is not set to auto_detect

Rationale:

Attackers may abuse the WPAD auto-config functionality to supply computers with a PAC file that specifies a rogue web proxy under their control.

Impact:

If the policy is enabled, the proxy configuration will no longer be discovered using WPAD.

Solution

To establish the recommended configuration via Group Policy, make sure the following UI path is set to 'Enabled' and the value of ProxyMode is not set to auto_detect:

Computer Configuration\Polices\Administrative Templates\Google\Google Chrome\Proxy settings




Default Value:

Unset (Same as Disabled, and users can change)

See Also

https://workbench.cisecurity.org/files/3653