Details
This setting specifies a list of URLs or patterns for which local IP addresses will be exposed by WebRTC.
The recommended state for this setting is: Disabled (0)
NOTE: This setting, if Enabled, weakens the protection of local IPs if needed by administrators.
Rationale:
Enabling this setting and allowing exposure of IP addresses can allow an attacker to gather information about the internal network that could potentially be utilized to breach and traverse a network.
Impact:
None – This is the default behavior.
Solution
To establish the recommended configuration via GP, set the following UI path to Disabled:
Computer Configuration\Policies\Administrative Templates\Google\Google Chrome\URLs for which local IPs are exposed in WebRTC ICE candidates
Default Value:
Unset (Same as Disabled, but user can change)
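One way to audit this control on a Windows host, added here as an example that is not part of the original benchmark text. It assumes Chrome's standard Windows policy registry locations and the policy name WebRtcLocalIpsAllowedUrls, neither of which is stated on the page; the function name is hypothetical.

```powershell
# Added audit example. The registry roots and policy name below are
# assumptions based on Chrome's standard Windows policy layout; they are
# not given on the page. Adjust them if your deployment differs.
function Get-WebRtcLocalIpExposure {
    [CmdletBinding()]
    param(
        # Machine-level policy (the GP path on the page) plus the
        # per-user policy hive, which Chrome also reads.
        [string[]]$PolicyRoot = @(
            'HKLM:\SOFTWARE\Policies\Google\Chrome',
            'HKCU:\SOFTWARE\Policies\Google\Chrome'
        ),
        [string]$PolicyName = 'WebRtcLocalIpsAllowedUrls'
    )

    foreach ($root in $PolicyRoot) {
        $path     = Join-Path $root $PolicyName
        $patterns = @()

        if (Test-Path -LiteralPath $path) {
            $key = Get-Item -LiteralPath $path
            # List policies are stored as numbered values ("1", "2", ...),
            # one URL pattern per value. Skip the unnamed default value.
            $patterns = @($key.GetValueNames() |
                Where-Object { $_ -ne '' } |
                ForEach-Object { [string]$key.GetValue($_) } |
                Where-Object { $_.Trim() -ne '' })
        }

        [pscustomobject]@{
            PolicyPath = $path
            Patterns   = $patterns
            # Compliant when no URL pattern is exempted from local IP hiding.
            Compliant  = ($patterns.Count -eq 0)
        }
    }
}

$results = Get-WebRtcLocalIpExposure
$results | Format-List
foreach ($r in $results | Where-Object { -not $_.Compliant }) {
    Write-Warning "Local IPs exposed via WebRTC for: $($r.Patterns -join ', ') [$($r.PolicyPath)]"
}
```

A result with no patterns covers both the Disabled and the Unset states described above; treating an empty key as equivalent to Disabled is an assumption of this check, so confirm the applied GPO state separately (for example with a Group Policy results report).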
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Windows.