1.1.1 Ensure 'Cross-origin HTTP Authentication prompts' is set to 'Disabled'

Information

This setting controls whether third-party sub-content can open a HTTP Basic Auth dialog and is typically disabled.

The recommended state for this setting is: Disabled (0)

Rationale:

This setting is typically disabled to help combat phishing attempts.

Impact:

None - This is the default behavior.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to Disabled:

Computer Configuration\Policies\Administrative Templates\Google\Google Chrome\HTTP authentication\Cross-origin HTTP Authentication prompts

Default Value:

Unset (Same as Disabled, but user can change)

See Also

https://workbench.cisecurity.org/benchmarks/8691

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b.

Plugin: Windows

Control ID: c0f741e9893480ace504cd1ea7cb27dc1a52bf8c25e01865ebf102ce831a189f