Details
This setting allows access to local files by allowing file selection dialogs in Google Chrome.
The recommended state for this setting is: Disabled (0)
Rationale:
Allowing users to import favorites, uploading files, and savings links could pose potential security risks by allowing data to be uploaded to external sites or by downloading malicious files. By not allowing the file selection dialog the end-user will not be prompted for uploads/downloads preventing data exfiltration and possible system infection by malware.
Impact:
If you disable this setting users will no longer be prompted when performing actions which would trigger a file selection dialog. Instead, the file selection dialog box assumes the user clicked ‘Cancel’. Being as this is not the default behavior, impact to the user will be noticeable, and the user will not be able to upload and download files.
Solution
To establish the recommended configuration via GP, set the following UI path to Disabled:
Computer ConfigurationPoliciesAdministrative TemplatesGoogleGoogle ChromeAllow invocation of file selection dialogs
Default Value:
Unset (Same as Enabled, but user can change)
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.