4.2.1 Ensure 'Control use of the Serial API' is set to 'Enabled: Do not allow any site to request access to serial ports via the Serial API'

Information

This setting controls website access and use of the system serial port.

Do not allow any site to request access to serial ports via the Serial API (2)

Allow sites to ask the user to grant access to a serial port (3)

The recommended state for this setting is: Do not allow any site to request access to serial ports via the Serial API (2)

NOTE: If more granular control is needed (per website) then this setting can be used in combination with the SerialAllowAllPortsForUrls, SerialAskForUrls and SerialBlockedForUrls settings. For example, SerialAllowAllPortsForUrls can be used to allow serial port access to specific sites. Please see the references below for more information.

Rationale:

Preventing access to system serial ports may prevent malicious sites from using these ports and accessing the devices attached.

Impact:

This setting would also prevent legitimate sites from accessing it as well.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to Enabled: Do not allow any site to request access to serial ports via the Serial API:

Computer Configuration\Administrative Templates\Google\Google Chrome\Content settings\Control use of the Serial API

Default Value:

Unset (Same as Enabled with Allow sites to ask the user to grant access to a serial port, but user can change)

See Also

https://workbench.cisecurity.org/benchmarks/8691

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.2

Plugin: Windows

Control ID: 0cab5a7145e41690c85a99def6b860cf8d519ef5a311ce9acd93d1e8a82d92be