2.3.2 Ensure 'Configure allowed app/extension types' is set to 'Enabled: extension, hosted_app, platform_app, theme' - extension

Information

Enabling this setting allows you to specify which app/extension types are allowed.

Disabled (0): Results in no restrictions on the acceptable extension and app types.

The recommended state for this setting is: Enabled with the values of extension, hosted_app, platform_app, theme.

Rationale:

App or extension types that could be misused or are deprecated shall no longer be installed.

NOTE: Google has removed support for Chrome Apps which includes the types hosted_app and platform_app. The blog post indicates that these types will require a setting to be enabled for continued use through June 2022.

Impact:

Extensions already installed will be removed if its type is denylisted and the extension itself is not allowlisted.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to Enabled: extension, hosted_app, platform_app, theme:

Computer Configuration\Polices\Administrative Templates\Google\Google Chrome\Extensions\Configure allowed app/extension types

Default Value:

Unset (Same as Disabled, but user can change)

See Also

https://workbench.cisecurity.org/benchmarks/8691

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CM-10, 800-53|CM-11, 800-53|SC-18, CSCv7|7.2

Plugin: Windows

Control ID: c56a750b9677424d430dbca1651059f5c05dc85a7043bf9a242243362440234e