Details
Google Chrome’s Component Updater updates several components of Google Chrome on a regular basis (applies only to Chrome browser components).
The recommended state for this setting is: Enabled (1)
NOTE: Updates to any component that does not contain executable code, does not significantly alter the behavior of the browser, or is critical for its security will not be disabled (E.g. certificate revocation lists and Safe Browsing data is updated regardless of this setting). FYI chrome://components lists all components, but not if they are are affected by this settings.
NOTE: Google provided the following list of ‘some of the components’ controlled by this settings:
Recovery component
Pnacl
Floc
Optimization hints
SSL error assistant
CRL set
Origin trials
SW reporter
PKI metadata
Rationale:
Google Chrome Updater shall be used to keep the components bundled to Chrome up-to-date.
Impact:
None – This is the default behavior.
Solution
To establish the recommended configuration via Group Policy, set the following UI path to Enabled:
Computer ConfigurationPoliciesAdministrative TemplatesGoogleGoogle ChromeEnable component updates in Google Chrome
Default Value:
Unset (Same as Enabled, but user can change)
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system Windows.