Details
This setting controls whether third-party sub-content can open a HTTP Basic Auth dialog and is typically disabled.
The recommended state for this setting is: Disabled (0)
Rationale:
This setting is typically disabled to help combat phishing attempts.
Impact:
None – This is the default behavior.
Solution
To establish the recommended configuration via GP, set the following UI path to Disabled:
Computer ConfigurationPoliciesAdministrative TemplatesGoogleGoogle ChromeHTTP authenticationCross-origin HTTP Authentication prompts
Default Value:
Unset (Same as Disabled, but user can change)
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.