Download restrictions must be configured.
Overview
Finding ID | Version | Rule ID | IA Controls | Severity |
V-221588 | DTBC-0055 | SV-221588r1106670_rule | | Medium |
Description |
Setting the policy means users cannot bypass download security decisions.
There are many types of download warnings within Chrome, which roughly break down into these categories:
- Malicious, as flagged by the Safe Browsing server.
- Uncommon or unwanted, as flagged by the Safe Browsing server.
- A dangerous file type (e.g., all SWF downloads and many EXE downloads).
Setting the policy blocks different subsets of these, depending on its value:
0 = No special restrictions. Default.
1 = Block malicious downloads and dangerous file types.
2 = Block malicious downloads, uncommon or unwanted downloads, and dangerous file types.
3 = Block all downloads.
4 = Block malicious downloads. Recommended.
STIG | Date |
Google Chrome Current Windows Security Technical Implementation Guide | 2025-05-15 |
Details
Check Text (C-23303r1106598_chk) |
If the system is on the SIPRNet, this requirement is Not Applicable.
Universal method:
1. In the omnibox (address bar) type "chrome://policy".
2. If "DownloadRestrictions" is not displayed under the "Policy Name" column or it is set to "0", this is a finding.
Windows method:
1. Start "regedit".
2. Navigate to "HKLM\Software\Policies\Google\Chrome\".
3. If the "DownloadRestrictions" value name does not exist or its value data is set to "0", this is a finding.
Fix Text (F-23292r1106599_fix) |
If the system is on the SIPRNet, this requirement is Not Applicable.
Windows group policy:
1. Open the group policy editor tool with gpedit.msc.
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\
   Policy Name: Allow download restrictions
   Policy State: 1, 2, or 4
   Policy Value: N/A
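The "Windows method" from the check text can be scripted for use across many endpoints. The following PowerShell is an added example, not part of the STIG; the function name, the "Review" status for unexpected data, and the note on value 3 are this example's own choices, and it assumes the caller can read HKLM.

```powershell
# Added example, not part of the STIG: automates the "Windows method" check.
# It cannot tell whether the host is on SIPRNet (where the rule is Not Applicable).
$KeyPath   = 'HKLM:\Software\Policies\Google\Chrome'
$ValueName = 'DownloadRestrictions'

# Value meanings as listed in the rule description.
$Meaning = @{
    0 = 'No special restrictions'
    1 = 'Block malicious downloads and dangerous file types'
    2 = 'Block malicious downloads, uncommon or unwanted downloads, and dangerous file types'
    3 = 'Block all downloads'
    4 = 'Block malicious downloads'
}

function Get-DownloadRestrictionsStatus {
    param([string]$Path = $KeyPath, [string]$Name = $ValueName)

    $prop = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        # Key or value name missing: a finding per the check text.
        return [pscustomobject]@{ Status = 'Finding'; Value = $null; Detail = "'$Name' does not exist under $Path" }
    }

    $raw = $prop.$Name
    # Example's own choice (not in the check text): anything that is not an
    # integer in 0..4 is sent for manual review instead of being passed.
    if (($raw -isnot [int] -and $raw -isnot [uint32]) -or $raw -lt 0 -or $raw -gt 4) {
        return [pscustomobject]@{ Status = 'Review'; Value = $raw; Detail = 'Not an integer in the documented range 0-4' }
    }

    $value = [int]$raw
    if ($value -eq 0) {
        return [pscustomobject]@{ Status = 'Finding'; Value = $value; Detail = $Meaning[$value] }
    }

    $detail = $Meaning[$value]
    if ($value -eq 3) {
        # 3 is not flagged by the check text, but the fix text lists only 1, 2, or 4.
        $detail += ' (passes the check; not among the fix text states 1, 2, or 4)'
    }
    [pscustomobject]@{ Status = 'Not a Finding'; Value = $value; Detail = $detail }
}

Get-DownloadRestrictionsStatus | Format-List
```

The registry value reflects machine policy only; confirming the effective policy in "chrome://policy" remains the universal method.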