Jörgen Nilsson 14 Feb 2020

New Group Policies in Edge Chromium 80

With a new version of Edge Chromium there are of course new settings we can configure, which means new ADMX/ADML files. It is important for admins to keep up: even if we allow auto-update of Edge Chromium, there is still work that needs to be done for every new release.

These are the new Group Policy settings I found for Edge Chromium 80 and 81.

New Group Policy settings in Edge Chromium 80 and later

| Setting | Description |
| --- | --- |
| DefaultInsecureContentSetting | Control use of insecure content exceptions |
| InsecureContentAllowedForUrls | Allow insecure content on specified sites |
| InsecureContentBlockedForUrls | Control use of insecure content exceptions |
| LegacySameSiteCookieBehaviorEnabled | Enable default legacy SameSite cookie behavior setting |
| LegacySameSiteCookieBehaviorEnabledForDomainList | Revert to legacy SameSite behavior for cookies on specified sites |
| SmartScreenPuaEnabled | Configure Microsoft Defender SmartScreen to block potentially unwanted apps |
| AlternateErrorPagesEnabled | Suggest similar pages when a webpage can’t be found |
| DNSInterceptionChecksEnabled | DNS interception checks enabled |
| HideFirstRunExperience | Hide the First-run experience and splash screen |
| PaymentMethodQueryEnabled | Allow websites to query for available payment methods |
| PersonalizationReportingEnabled | Allow personalization of ads, search and news by sending browsing history to Microsoft |
| PinningWizardAllowed | Allow Pin to taskbar wizard |
| TotalMemoryLimitMb | Set limit on megabytes of memory a single Microsoft Edge instance can use |
| WebAppInstallForceList | Configure list of force-installed Web Apps |
| WebRtcLocalIpsAllowedUrls | Manage exposure of local IP addresses by WebRTC |

New Group Policy settings in Edge Chromium 81 and later

| Setting | Description |
| --- | --- |
| GloballyScopeHTTPAuthCacheEnabled | Enable globally scoped HTTP auth cache |
| AmbientAuthenticationInPrivateModesEnabled | Enable Ambient Authentication for InPrivate and Guest profiles |
| AudioSandboxEnabled | Allow the audio sandbox to run |
| ImportCookies | Allow importing of Cookies |
| ImportExtensions | Allow importing of extensions |
| ImportShortcuts | Allow importing of shortcuts |
| InternetExplorerIntegrationSiteRedirect | Specify how “in-page” navigations to unconfigured sites behave when started from Internet Explorer mode pages |
| OmniboxMSBProviderEnabled | Enable Microsoft Search for Business provider in omnibox |
| StricterMixedContentTreatmentEnabled | Enable stricter treatment for mixed content |
| TLS13HardeningForLocalAnchorsEnabled | Enable a TLS 1.3 security feature for local trust anchors |

Deprecated – removed in future releases

| Setting | Description |
| --- | --- |
| ForceLegacyDefaultReferrerPolicy | Use a default referrer policy of no-referrer-when-downgrade. |
| WebComponentsV0Enabled | Re-enable Web Components v0 API until M84. |

This one is really nice: “Hide the First-run experience and splash screen”. No more first-run experience and splash screen!

“Configure Microsoft Defender SmartScreen to block potentially unwanted apps” is a great addition.

Lesson learned: admins need to keep track and update the .ADMX/ADML files for every new release, and keep an eye on deprecated settings as well.
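One way to keep an eye on this per machine is the PowerShell audit below. It is an added example, not part of the original post. It reads the mandatory Edge policy key in the registry and reports which of the deprecated and security-relevant settings from the tables above are actually configured. The function name `Get-EdgePolicyState` and the choice of settings in the review list are assumptions of this example.

```powershell
# Added example (not from the original post): report which Edge policies
# named in this post are configured on the local machine.
# Edge reads mandatory Group Policy values from SOFTWARE\Policies\Microsoft\Edge.
$deprecated = 'ForceLegacyDefaultReferrerPolicy', 'WebComponentsV0Enabled'

# Security-relevant settings from the tables above (selection is this example's choice).
$review = 'DefaultInsecureContentSetting', 'InsecureContentAllowedForUrls',
          'InsecureContentBlockedForUrls', 'SmartScreenPuaEnabled',
          'LegacySameSiteCookieBehaviorEnabled',
          'LegacySameSiteCookieBehaviorEnabledForDomainList',
          'WebRtcLocalIpsAllowedUrls', 'StricterMixedContentTreatmentEnabled',
          'TLS13HardeningForLocalAnchorsEnabled',
          'AmbientAuthenticationInPrivateModesEnabled'

function Get-EdgePolicyState {   # hypothetical helper name
    param([string[]]$Name, [string]$Status)
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $root = Join-Path $hive 'SOFTWARE\Policies\Microsoft\Edge'
        if (-not (Test-Path $root)) { continue }       # no Edge policies in this hive
        $props = Get-ItemProperty -Path $root
        foreach ($n in $Name) {
            $listKey = Join-Path $root $n
            if ($props.PSObject.Properties.Name -contains $n) {
                $value = $props.$n                      # single-value policy
            } elseif (Test-Path $listKey) {
                # List policies are stored as a subkey holding numbered values.
                $key = Get-Item $listKey
                $value = ($key.GetValueNames() |
                          ForEach-Object { $key.GetValue($_) }) -join '; '
            } else { continue }                         # not configured
            [pscustomobject]@{ Hive = $hive; Policy = $n; Value = $value; Status = $Status }
        }
    }
}

$findings = @(Get-EdgePolicyState -Name $deprecated -Status 'Deprecated') +
            @(Get-EdgePolicyState -Name $review -Status 'Review')
$findings | Sort-Object Status, Policy | Format-Table -AutoSize

if ($findings.Status -contains 'Deprecated') {
    Write-Warning 'Deprecated Edge policies are still configured; plan their removal from the GPO.'
}
```

Settings that are not configured produce no row, so an empty result means none of the listed policies are being enforced through this key.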

Reference: https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies