Details
Enabling this setting allows you to specify which app/extensions types are allowed.
Disabled (0): Results in no restrictions on the acceptable extension and app types.
The recommended state for this setting is: Enabled with the values of extension, hosted_app, platform_app, theme
Rationale:
App or extension types that could be misused or are deprecated shall no longer be installed.
NOTE: Google has removed support for Chrome Apps which includes the types hosted_app and platform_app. The blog post indicates that these types will require a setting to be enabled for continued use through June 2022.
Impact:
Extensions already installed will be removed if it’s type is denylisted and the extension itself is not allowlisted.
Solution
To establish the recommended configuration via Group Policy, set the following UI path to Enabled: extension, hosted_app, platform_app, theme:
Computer ConfigurationPolicesAdministrative TemplatesGoogleGoogle ChromeExtensionsConfigure allowed app/extension types
Default Value:
Unset (Same as Disabled, but user can change)
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.