Details
Google Chrome can block certain types of downloads, and won’t let users bypass the security warnings, depending on the classification of Safe Browsing.
No special restrictions (0, Disabled)
Block dangerous downloads (1)
Block potentially dangerous downloads (2)
Block all downloads (3)
Block malicious downloads (4)
The recommended state for this setting is: Enabled with a value of Block dangerous downloads (1)
NOTE: These restrictions apply to downloads triggered from webpage content, as well as the Download link… menu option. They don’t apply to the download of the currently displayed page or to saving as PDF from the printing options.
Rationale:
Users shall be prevented from downloading certain types of files, and shall not be able to bypass security warnings.
Impact:
If this setting is enabled, all downloads are allowed, except for those that carry Safe Browsing warnings. These are downloads that have been identified as risky or from a risky source by the Google Safe Browsing Global intelligence engine.
Solution
To establish the recommended configuration via Group Policy, set the following UI path to Enabled: Block dangerous downloads:
Computer ConfigurationPolicesAdministrative TemplatesGoogleGoogle ChromeAllow download restrictions
Default Value:
Unset (Same as Disabled, but user can change)
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Windows.