Free DISA STIG and SRG Library | Vaulted

V-44771

Metrics reporting to Google must be disabled.

Finding ID
DTBC-0026
Rule ID
SV-57605r2_rule57605r3_rule
Severity
Cat II
CCE
(None)
Group Title
DTBC0026 - Metrics reporting
CCI
CCI-000381
Target Key
(None)
Documentable
No
Discussion

Enables anonymous reporting of usage and crash-related data about Google Chrome to Google and prevents users from changing this setting. If you enable this setting, anonymous reporting of usage and crash-related data is sent to Google. A crash report could contain sensitive information from the computer's memory. If you disable this setting, anonymous reporting of usage and crash-related data is never sent to Google. If you enable or disable this setting, users cannot change or override this setting in Google Chrome. If this policy is left not set the setting will be what the user chose upon installation / first run.

Fix Text

Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Enable reporting of usage and crash-related data Policy State: Disabled Policy Value: N/A

Check Content

Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If MetricsReportingEnabled is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the MetricsReportingEnabled value name does not exist or its value data is not set to 0, then this is a finding. Note: This policy will only display in the chrome://policy tab on domain joined systems. On standalone systems, the policy will not display.