4.3 Ensure 'Allow invocation of file selection dialogs' is set to 'Disabled'

Information

This setting allows access to local files by allowing file selection dialogs in Google Chrome.

The recommended state for this setting is: Disabled (0)

Rationale:

Allowing users to import favorites, upload files, and save links could pose potential security risks by allowing data to be uploaded to external sites or by downloading malicious files. By not allowing the file selection dialog, the end-user will not be prompted for uploads/downloads, preventing data exfiltration and possible system infection by malware.

Impact:

If you disable this setting, users will no longer be prompted when performing actions which would trigger a file selection dialog. Instead, the file selection dialog box assumes the user clicked 'Cancel'. Being as this is not the default behavior, impact to the user will be noticeable, and the user will not be able to upload and download files.

Solution

To establish the recommended configuration via GP, set the following UI path to Disabled:

Computer Configuration\Policies\Administrative Templates\Google\Google Chrome\Allow invocation of file selection dialogs

Default Value:

Unset (Same as Enabled, but user can change)

See Also

https://workbench.cisecurity.org/benchmarks/8691

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|CM-7, 800-53|CM-7(1), 800-53|SI-7, 800-53|SI-7(1), CSCv7|2.5

Plugin: Windows

Control ID: c15d5e637c1718f3d91710f34bf49958c8bfc671d4e78d246b7de99e6a629a07