3.9 Ensure 'Enable deleting browser and download history' is set to 'Disabled'

Information

Google Chrome can delete the browser and download history using the clear browsing data menu.

The recommended state for this setting is: Disabled (0)

NOTE: Even when this setting is disabled, the browsing and download history aren't guaranteed to be retained. Users can edit or delete the history database files directly, and the browser itself may remove (based on expiration period) or archive any or all history items at any time

Rationale:

If users can delete websites they have visited or files they have downloaded it will be easier for them to hide evidence that they have visited unauthorized or malicious sites.

Impact:

If this setting is disabled, browsing and download history cannot be deleted by using the clear browsing data menu.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to Disabled:

Computer Configuration\Administrative Templates\Google\Google Chrome\Enable deleting browser and download history

Default Value:

Unset (Same as Enabled, but user can change)

See Also

https://workbench.cisecurity.org/benchmarks/8691

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-8, CSCv7|4.8

Plugin: Windows

Control ID: 3a0a160569f1bf3157a7aba20ab3a2be3f72e39aa2b2b04da32e4cb45063df35