1.27 Ensure 'Suppress lookalike domain warnings on domains' is set to 'Disabled'

Information

This setting prevents the display of lookalike URL warnings on the sites listed. These warnings are typically shown on sites that Google Chrome believes might be trying to spoof another site with which the user is familiar.

Disabled (0) or set to an empty list: Warnings may appear on any site the user visits.

Enabled (1) and set to one or more domains: No lookalike warnings pages will be shown when the user visits pages on that domain.

The recommended state for this setting is: Disabled (0)

Rationale:

Look-alike domains are intentionally misleading to give users the false impression that they're interacting with trusted brands, leading to significant reputation damage, financial losses, and data compromise for established enterprises.

In addition, this technique is commonly used to host phishing sites, and often leads to account takeover attacks. Users are prompted to enter their credentials on a fake website, and scammers take control of their online accounts with little effort to engage in fraudulent activity.

Impact:

None - This is the default behavior.

NOTE: The only real impact is possible user annoyance if they are going to a legitimate site that is falsely considered fraudulent (a rare occurrence). This can be handled by adding the site to the allowlist and/or notifying Google of the false finding.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to Disabled:

Computer Configuration\Policies\Administrative Templates\Google\Google Chrome\Suppress lookalike domain warnings on domains

Default Value:

Unset (Same as Disabled, but user can change)

See Also

https://workbench.cisecurity.org/benchmarks/8691

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(3), 800-53|SC-7(4), CSCv7|7.4

Plugin: Windows

Control ID: 3bc29a269dc775f0140cbcc738c4728e171cc8a3d8bcff6aa48192765f465e76