Skip to content

The 25 Chrome Enterprise security checks Black Cat runs

Black Cat SSPM evaluates 25 security policies against your Chrome Enterprise configuration on every scan, classifies each finding by risk, and provides remediation steps. Below is the full list, grouped by category.

access control

mediumDownload Restrictions Not Set

Configure download restrictions in Chrome Enterprise to block dangerous file types

lowIncognito Mode Allowed

Disable Incognito Mode in Chrome Enterprise to ensure browsing activity is logged

mediumExtension With Excessive Permissions

Review Chrome extensions requesting more than 10 permissions and consider blocking or replacing them

asset management

mediumStale Browser (90+ Days Inactive)

Decommission or re-enroll Chrome browsers that have been inactive for 90 or more days

lowUnmanaged Browser (30+ Days Inactive)

Review and clean up Chrome browser enrollments that have been inactive for 30 or more days

lowOrphaned Extension With Zero Installs

Remove stale extension catalog entries that have zero active installations

mediumBrowser Flagged as Needing Attention

Investigate and resolve the condition causing Chrome to flag the browser as needing attention

configuration

mediumNon-Stable Browser Channel In Use

Restrict Chrome browser channel to stable in Chrome Enterprise settings

mediumBrowser Running Windows 10

Upgrade browsers running on Windows 10 to Windows 11 as Windows 10 reached end of support

highWidespread Outdated Browser Version

Prioritize updating outdated Chrome versions that are deployed on more than 100 devices

lowTelemetry Device Missing OS Version

Investigate telemetry devices not reporting OS version to restore patch compliance visibility

lowBrowser Not Reporting Version

Investigate enrolled browsers not reporting their version to restore update compliance visibility

credential management

mediumPassword Manager Disabled

Enable Chrome built-in Password Manager or ensure an approved enterprise password manager is deployed

device trust

highWidely Deployed Extension With Risky Permissions

Review and restrict Chrome extensions with risky permissions deployed to more than 50 devices

highBrowser Running on Unsupported OS

Upgrade or decommission Chrome-managed devices still running end-of-life Windows versions

highAdmin-Forced Extension With Risky Permissions

Review admin-pushed Chrome extensions that carry high-risk permissions and cannot be removed by users

mediumShadow IT Extension Widely Deployed

Evaluate and either formally approve or block non-managed extensions installed on more than 100 devices

highDevice Running Outdated OS (Telemetry)

Upgrade devices reported via Chrome telemetry that are running end-of-support operating systems

encryption

highDevice Without Disk Encryption

Enable disk encryption on all Chrome Enterprise managed devices

governance

lowStale Extension Request

Review and action Chrome extension requests that have been pending for more than 7 days

patch management

mediumOutdated Browser Version

Update Chrome browser to the latest stable version on affected devices

policy enforcement

mediumBrowser Without Organizational Unit Assignment

Assign all enrolled Chrome browsers to an appropriate organisational unit so they receive managed policies

software management

mediumSideloaded Extension Detected

Remove sideloaded extensions and enforce extension installation policy in Chrome Enterprise

highExtension With Risky Permissions

Block or remove Chrome extensions with risky permissions from managed devices

threat protection

highSafe Browsing Disabled

Enable Safe Browsing in Chrome Enterprise to protect users from malicious sites and downloads

See these checks run on your stack

Start a free 14-day trial — no credit card required.

Start Free Trial