V-221572 for Chrome

[kwygant]

V-221572 for Chrome sets the wrong value to apply the setting and does so via a registry edit instead of a policy.

Current value name: CookiesSessionOnlyForUrls

Correct Value name: 1

This should also be changed to allow multiple values, see #1214

Updated Rule for xml file:

<Rule id="V-221572" severity="medium" conversionstatus="pass" title="SRG-APP-000141" dscresource="RegistryPolicyFile">
      <Description>&lt;VulnDiscussion&gt;Each access to a URL is handled by the browser according to the URL's "scheme". The "scheme" of a URL is the section before the ":". The term "protocol" is often mistakenly used for a "scheme". The difference is that the scheme is how the browser handles a URL and the protocol is how the browser communicates with a service.  If a scheme or its associated protocol used by a browser is insecure or obsolete, vulnerabilities can be exploited resulting in exposed data or unrestricted access to the browser's system.   The browser must be configured to disable the use of insecure and obsolete schemas (protocols).
This policy disables the listed protocol schemes in Google Chrome, URLs using a scheme from this list will not load and cannot be navigated to. If this policy is left not set or the list is empty all schemes will be accessible in Google Chrome.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
      <DuplicateOf />
      <Ensure>Present</Ensure>
      <IsNullOrEmpty>False</IsNullOrEmpty>
      <Key>HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\URLBlocklist</Key>
      <LegacyId>V-44761</LegacyId>
      <OrganizationValueRequired>False</OrganizationValueRequired>
      <OrganizationValueTestString />
      <RawString>Universal method:
1. In the omnibox (address bar) type chrome://policy.
2. If URLBlocklist is not displayed under the Policy Name column or it is not set to javascript://* under the Policy Value column, this is a finding.

Windows method:
1. Start regedit.
2. Navigate to HKLM\Software\Policies\Google\Chrome\URLBlocklist.
3. If the URLBlocklist key does not exist, or the does not contain entries 1 set to javascript://*, this is a finding.

</RawString>
      <ValueData>javascript://*</ValueData>
      <ValueName>1</ValueName>
      <ValueType>String</ValueType>
    </Rule>

[erjenkin]

For this one, we will keep the default value of "1" and "javascript://*" as shown in your example, if users would like to add more urls, an exception with a comma separated list should work

eric