3.6 Ensure 'Control how Chrome Cleanup reports data to Google' is set to 'Disabled'

Information

Chrome provides a Cleanup feature to detect unwanted software. If this setting is Enabled, the results of the cleanup may be shared with Google (based on the setting of SafeBrowsingExtendedReportingEnabled) to assist with future unwanted software detection. These results will contain file metadata, automatically installed extensions, and registry keys.

If the setting is Disabled, the results of the cleanup will not be shared with Google regardless of the value of SafeBrowsingExtendedReportingEnabled.

The recommended state for this setting is: Disabled (0)

NOTE: This setting is not available on Windows instances that are not joined to a Microsoft Active Directory domain.

Rationale:

Anonymous crash/usage data can be used to identify people, companies, and information, which can be considered data ex-filtration from company systems.

Impact:

Chrome Cleanup detected unwanted software and will no longer report metadata about the scan to Google.

Solution

To establish the recommended configuration via Group Policy, set the
following UI path to Disabled:

Computer Configuration\Administrative Templates\Google\Google Chrome\Control how Chrome Cleanup reports data to Google

Default Value:

Unset (Same as Enabled, but user can change)

See Also

https://workbench.cisecurity.org/benchmarks/8691

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-8, CSCv7|4.8

Plugin: Windows

Control ID: 7690945f1da8f72281816214f8a3618cae66039a4c6f4991dd47504f5fff0a2b