| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-221572 | CAT II | MONT-WS-92040 | Google Chrome Current Windows Security T... | The URL protocol schema javascript must be disable... | - | |||
Check TextUniversal method: 1. In the omnibox (address bar) type chrome://policy. 2. If URLBlocklist is not displayed under the Policy Name column or it is not set to javascript://* under the Policy Value column, this is a finding. Windows method: 1. Start regedit. 2. Navigate to HKLM\Software\Policies\Google\Chrome\URLBlocklist. 3. If the URLBlocklist key does not exist, or the does not contain entries 1 set to javascript://*, this is a finding. Fix TextWindows group policy: 1. Open the group policy editor tool with gpedit.msc. 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Block access to a list of URLs. - Policy State: Enabled - Policy Value 1: javascript://* Finding DetailsEvaluate-STIG 1.2507.5 (Scan-GoogleChrome_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: DAEDE8A412B63ACCA5E9A968BCDCD657B7551F62 ~~~~~ 'Block access to a list of URLs' is Configured Registry Path: HKLM:\SOFTWARE\Policies\Google\Chrome\URLBlocklist Value Name: 1 Value: javascript://* Type: REG_SZ
Source: _Reviewed/MONT-WS-92040/Checklist/MONT-WS-92040_Chrome_V2R11_20251023-142120.ckl
Scan Date: 2026-01-14T12:57:25.338171
Technology Area: Windows Operating System
|
||||||||
| V-221572 | CAT II | MONT-WS-92010 | Google Chrome Current Windows Security T... | The URL protocol schema javascript must be disable... | - | |||
Check TextUniversal method: 1. In the omnibox (address bar) type chrome://policy. 2. If URLBlocklist is not displayed under the Policy Name column or it is not set to javascript://* under the Policy Value column, this is a finding. Windows method: 1. Start regedit. 2. Navigate to HKLM\Software\Policies\Google\Chrome\URLBlocklist. 3. If the URLBlocklist key does not exist, or the does not contain entries 1 set to javascript://*, this is a finding. Fix TextWindows group policy: 1. Open the group policy editor tool with gpedit.msc. 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Block access to a list of URLs. - Policy State: Enabled - Policy Value 1: javascript://* Finding DetailsEvaluate-STIG 1.2507.5 (Scan-GoogleChrome_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: DAEDE8A412B63ACCA5E9A968BCDCD657B7551F62 ~~~~~ 'Block access to a list of URLs' is Configured Registry Path: HKLM:\SOFTWARE\Policies\Google\Chrome\URLBlocklist Value Name: 1 Value: javascript://* Type: REG_SZ
Source: _Reviewed/MONT-WS-92010/Checklist/MONT-WS-92010_Chrome_V2R11_20251023-140804.ckl
Scan Date: 2026-01-14T12:57:27.625294
Technology Area: Windows Operating System
|
||||||||
| V-221572 | CAT II | MONT-SW-89108 | Google Chrome Current Windows Security T... | The URL protocol schema javascript must be disable... | - | |||
Check TextUniversal method: 1. In the omnibox (address bar) type chrome://policy. 2. If URLBlocklist is not displayed under the Policy Name column or it is not set to javascript://* under the Policy Value column, this is a finding. Windows method: 1. Start regedit. 2. Navigate to HKLM\Software\Policies\Google\Chrome\URLBlocklist. 3. If the URLBlocklist key does not exist, or the does not contain entries 1 set to javascript://*, this is a finding. Fix TextWindows group policy: 1. Open the group policy editor tool with gpedit.msc. 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Block access to a list of URLs. - Policy State: Enabled - Policy Value 1: javascript://* Finding DetailsEvaluate-STIG 1.2510.0 (Scan-GoogleChrome_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: DAEDE8A412B63ACCA5E9A968BCDCD657B7551F62 ~~~~~ 'Block access to a list of URLs' is Configured Registry Path: HKLM:\SOFTWARE\Policies\Google\Chrome\URLBlocklist Value Name: 1 Value: javascript://* Type: REG_SZ
Source: MONT-SW-89108_Chrome_V2R11_20251217-202759.ckl
Scan Date: 2026-03-04T15:25:15.778437
Technology Area: Windows Operating System
|
||||||||
| V-221572 | CAT II | MONT-SW-89134 | Google Chrome Current Windows Security T... | The URL protocol schema javascript must be disable... | - | |||
Check TextUniversal method: 1. In the omnibox (address bar) type chrome://policy. 2. If URLBlocklist is not displayed under the Policy Name column or it is not set to javascript://* under the Policy Value column, this is a finding. Windows method: 1. Start regedit. 2. Navigate to HKLM\Software\Policies\Google\Chrome\URLBlocklist. 3. If the URLBlocklist key does not exist, or the does not contain entries 1 set to javascript://*, this is a finding. Fix TextWindows group policy: 1. Open the group policy editor tool with gpedit.msc. 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Block access to a list of URLs. - Policy State: Enabled - Policy Value 1: javascript://* Finding DetailsEvaluate-STIG 1.2510.0 (Scan-GoogleChrome_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: DAEDE8A412B63ACCA5E9A968BCDCD657B7551F62 ~~~~~ 'Block access to a list of URLs' is Configured Registry Path: HKLM:\SOFTWARE\Policies\Google\Chrome\URLBlocklist Value Name: 1 Value: javascript://* Type: REG_SZ
Source: MONT-SW-89134_Chrome_V2R11_20251217-200930.ckl
Scan Date: 2026-03-04T15:25:41.812659
Technology Area: Windows Operating System
|
||||||||