STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Google Chrome Current Windows Security Technical Implementation Guide

V-221577

CAT II (Medium)

Importing of saved passwords must be disabled.

Rule ID

SV-221577r960963_rule

STIG

Google Chrome Current Windows Security Technical Implementation Guide

Version

V2R11

CCIs

CCI-000381

Discussion

Importing of saved passwords should be disabled as it could lead to unencrypted account passwords stored on the system from another browser to be viewed. This policy forces the saved passwords to be imported from the previous default browser if enabled. If enabled, this policy also affects the import dialog. If disabled, the saved passwords are not imported. If it is not set, the user may be asked whether to import, or importing may happen automatically.

Check Content

Universal method:        
   1. In the omnibox (address bar) type chrome://policy        
   2. If ImportSavedPasswords is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding.

Windows method:
   1. Start regedit
   2. Navigate to HKLM\Software\Policies\Google\Chrome\
   3. If the ImportSavedPasswords value name does not exist or its value data is not set to 0, then this is a finding.

Fix Text

Windows group policy:
   1. Open the group policy editor tool with gpedit.msc   
   2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\
   Policy Name: Import saved passwords from default browser on first run
   Policy State: Disabled
   Policy Value: N/A