Details
Chrome allows the configuration of a list domain(s) that are allowed to access the user’s system. When enabled, remote systems can only connect if they are one of specified domains listed.
Setting this to an empty list (Disabled) allows remote systems from any domain to connect to this users system.
The recommended state for this setting is: Enabled (1) and at least one domain set
NOTE: The list of domains is organization specific.
Rationale:
Remote assistance connections shall be restricted.
Impact:
If this setting is enabled, only systems from the specified domains can connect to the user’s system.
Solution
To establish the recommended configuration via Group Policy, set the following UI path to Enabled and enter an organizational specific domain(s) (e.g. nodomain.local):
Computer ConfigurationPolicesAdministrative TemplatesGoogleGoogle ChromeRemote accessConfigure the required domain names for remote access clients
Default Value:
Unset (Same as Disabled, but user can change)
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Windows.