4.10 Ensure 'Import saved passwords from default browser on first run' is set to 'Disabled'

Information

This setting controls whether saved passwords from the default browser can be imported (on first run and later manually).

The recommended state for this setting is: Disabled (0)

Rationale:

In Chrome, passwords can be stored in plain text and revealed by going to chrome://settings/passwords/ and clicking the 'show' button next to the password field.

Impact:

If this setting is disabled, saved passwords from other browsers are not imported.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to Disabled:

Computer Configuration\Administrative Templates\Google\Google Chrome\Import saved passwords from default browser on first run

Default Value:

Unset (Same as Enabled, but user can change)
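
An audit check for this setting, as an added example that is not part of the benchmark. It assumes the Group Policy path above is backed by the DWORD value `ImportSavedPasswords` under `HKLM\SOFTWARE\Policies\Google\Chrome` (taken from Chrome's policy documentation, not from this page); the function name is hypothetical.

```powershell
# Added example, not benchmark content.
# Assumption: the policy is stored as REG_DWORD 'ImportSavedPasswords' under
# Chrome's machine policy key (per Chrome's policy documentation).
function Get-ChromeImportSavedPasswordsState {
    [CmdletBinding()]
    param(
        [string]$PolicyKey = 'HKLM:\SOFTWARE\Policies\Google\Chrome',
        [string]$ValueName = 'ImportSavedPasswords'
    )

    $state = 'Unset'   # benchmark default: same as Enabled, but user can change
    $raw   = $null

    if (Test-Path -LiteralPath $PolicyKey) {
        # A missing value returns $null instead of throwing.
        $item = Get-ItemProperty -LiteralPath $PolicyKey -Name $ValueName `
                    -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $raw = $item.$ValueName
            if     ($raw -is [int] -and $raw -eq 0) { $state = 'Disabled' }
            elseif ($raw -is [int] -and $raw -eq 1) { $state = 'Enabled'  }
            else   { $state = 'Invalid' }   # wrong type (e.g. REG_SZ) or other number
        }
    }

    [pscustomobject]@{
        PolicyKey = $PolicyKey
        ValueName = $ValueName
        RawValue  = $raw
        State     = $state
        # Only an explicit Disabled (0) meets the recommended state;
        # Unset still lets the user import saved passwords.
        Compliant = ($state -eq 'Disabled')
    }
}

Get-ChromeImportSavedPasswordsState | Format-List
```

An Unset result is reported as non-compliant because the default behaves like Enabled.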

See Also

https://workbench.cisecurity.org/benchmarks/8691

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-8, CSCv7|4.8

Plugin: Windows

Control ID: 33b9652c597a7e76841e2597b3cfa2a933617bd946e2a14b9711f499bbbf3eb4