Google Chrome 63 (or later) - Strict Site Isolation - "SitePerProcess" - custom config profile

gokoudes
New Contributor III
New Contributor III

Some background: we've been successfully pushing custom Chrome settings to our Macs using custom config profiles for some time. The original XML/plists have been composed using keys and settings from https://www.chromium.org/administrators/policy-list-3 --

We've had 100% success so far pushing extensions, settings, blocked extensions, etc, but we cannot get this particular setting to enforce.

"SitePerProcess"

We are testing Chrome's Strict Site Isolation setting as a band-aid for Spectre until Google releases a remediated version of Chrome. (Yes, I realize Safari and Firefox are alternatives, but the impetus on this issue comes from our end users, long story.)

Has anyone had issues, in general, using custom config profiles like this for Chrome, and if so, has anyone had luck troubleshooting any non-working profiles? It's usually a syntax thing, and the profile either works or not...

Here's a simple .xml with nothing but that payload. The JSS interprets the file just fine, showing me the key and subsequent value on the profile page, but alas, client computers do not reflect the change.

Any ideas? And thanks in advance for taking a look at this, anyone!

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
    <key>SitePerProcess</key>
            <true />
  </dict>
  </plist>
2 REPLIES 2

BoscoATX
New Contributor III

Working on the same issue. I'm currently trying to use a script via a policy applied once per user triggered at login. I had mixed success so I'm still tweaking it.

#!/bin/sh 
/Applications/Google Chrome.app/Contents/MacOS/Google Chrome --foo --bar=2

BoscoATX
New Contributor III

I ended up using a Config Profile and its working fine. Comparing mine to yours I noticed that your policy value has a space where there shouldn't be one:
<key>SitePerProcess</key>
<true />

Should look like:
<key>SitePerProcess</key>
<true/>
Hope this helps.