1.29 Ensure 'URLs for which local IPs are exposed in WebRTC ICE candidates' is set to 'Disabled'

Information

This setting specifies a list of URLs or patterns for which local IP addresses will be exposed by WebRTC.

The recommended state for this setting is: Disabled (0)

NOTE: This setting, if Enabled, weakens the protection of local IPs if needed by administrators.

Rationale:

Enabling this setting and allowing exposure of IP addresses can allow an attacker to gather information about the internal network that could potentially be utilized to breach and traverse a network.

Impact:

None - This is the default behavior.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to Disabled:

Computer Configuration\Policies\Administrative Templates\Google\Google Chrome\URLs for which local IPs are exposed in WebRTC ICE candidates

Default Value:

Unset (Same as Disabled, but user can change)

See Also

https://workbench.cisecurity.org/benchmarks/8691

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-8, CSCv7|4.8

Plugin: Windows

Control ID: 796d4e80643f005a32475ded1a40299d53493071a9b3bc4bb1fade6dba588101