CIS Google Chrome L2 V2.1.0

Ensure ‘Configure native messaging blocklist’ is set to ‘Enabled: *’

Details

Allows you to specify which native messaging hosts should not be loaded.

Disabled (0): Google Chrome will load all installed native messaging hosts.

The recommended state for this setting is: Enabled with a value of *

NOTE: This needs to be handled carefully. If an extension is enabled yet can’t communicate with its backend code, it could behave in strange ways, resulting in helpdesk tickets and support load.

Rationale:

For consistency with Plugin and Extension policies, native messaging should be blocklisted by default, requiring explicit administrative approval of applications for allowlisting. An example of an application that uses native messaging is the 1Password password manager.

Impact:

A blocklist value of ‘*’ means all native messaging hosts are blocklisted unless they are explicitly listed in the allowlist.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to ‘Enabled: *’.

Computer Configuration\Policies\Administrative Templates\Google Chrome\Native Messaging\Configure native messaging blocklist

Default Value:

Unset (Same as Disabled, and users can change)
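
To confirm on an endpoint that the Group Policy setting took effect, the following added example (not part of the CIS benchmark text) reads the policy back from the registry and reports the allowlisted hosts alongside it. It assumes the registry locations Chrome documents for its NativeMessagingBlocklist and NativeMessagingAllowlist policies, which this page does not state; the function names are hypothetical.

```powershell
# Added example: audit the native messaging blocklist policy on a Windows host.
# Assumption: the key names below are the ones Chrome documents for these
# policies under HKLM; they are not given on this page.
$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Google\Chrome'

function Get-ChromeListPolicy {
    param([Parameter(Mandatory)][string]$Name)
    $path = Join-Path $PolicyRoot $Name
    if (-not (Test-Path -LiteralPath $path)) { return }
    $key = Get-Item -LiteralPath $path
    # List policies are stored as numbered string values (1, 2, 3, ...).
    $key.GetValueNames() | ForEach-Object { [string]$key.GetValue($_) }
}

function Test-NativeMessagingBlocklist {
    # @() keeps an unset policy as an empty array instead of $null.
    $blocklist = @(Get-ChromeListPolicy -Name 'NativeMessagingBlocklist')
    $allowlist = @(Get-ChromeListPolicy -Name 'NativeMessagingAllowlist')

    # -contains is an exact match, so only the literal value '*' passes.
    $compliant = $blocklist -contains '*'

    if (-not $compliant) {
        $finding = 'FAIL: blocklist is unset or does not contain *'
    } elseif ($allowlist.Count -eq 0) {
        $finding = 'PASS: all hosts blocked, no hosts allowlisted'
    } else {
        $finding = 'PASS: all hosts blocked except the allowlisted ones'
    }

    [pscustomobject]@{
        Compliant = $compliant
        Finding   = $finding
        Blocklist = $blocklist
        Allowlist = $allowlist
    }
}

Test-NativeMessagingBlocklist | Format-List
```

Reviewing the Allowlist output against the extensions deployed in the environment helps catch the case described in the NOTE above, where an enabled extension cannot reach its native host.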

Supportive Information

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Windows.

Updated on July 16, 2022