Details

Cookies set by pages matching these URL patterns will be limited to the current session, i.e. they will be deleted when the browser exits.

For URLs not covered by the patterns specified here, or for all URLs if this policy is not set, the global default value will be used either from the ‘DefaultCookiesSetting’ policy, if it is set, or the user’s personal configuration otherwise.

Solution

Windows group policy:
1. Open the group policy editor tool with gpedit.msc
2. Navigate to Policy Path: Computer ConfigurationAdministrative TemplatesGoogleGoogle ChromeContent Settings.
– Policy Name: Limit cookies from matching URLs to the current session
– Policy State: Disabled
– Policy Value: N/A

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Google_Chrome_V2R4_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Windows.

References

• 800-53|AU-10
• CAT|II
• CCI|CCI-000166
• Rule-ID|SV-245539r769360_rule
• STIG-ID|DTBC-0045
• STIG-Legacy|SV-57633
• STIG-Legacy|V-44799
• Vuln-ID|V-245539

Source

• Tenable.com/audits