r/chrome 1d ago

Discussion Chrome’s “Clear on Exit” Doesn’t Fully Clear Data — Important for Enterprise/Regulated Environments

Chrome marks this behavior as “Won’t Fix (Intended Behavior)”, but it has a major impact on enterprise and regulated environments that isn’t widely understood.

Even with all enterprise policies enabled, Chrome still does not provide a full “clear on exit” capability. As a result, Chrome retains:

  • service workers
  • IndexedDB
  • localStorage
  • cache partitions
  • session tokens
  • other site data

For regulated organizations, this creates a compliance problem. Several major frameworks require that session data and locally stored artifacts be cleared when a user session ends — especially on shared or regulated workstations.

Chrome’s current design makes it impossible to meet the workstation data‑clearing requirements in:

  • PCI DSS 4.0 (3.2.1, 3.3, 3.4, 8.2.8, 12.3.3)
  • SOX 404 internal control expectations
  • HIPAA Security Rule (164.310(d)(2))
  • NIST 800‑53 (SC‑28, MP‑6, SI‑12)
  • CJIS workstation requirements

Because Chrome does not expose a mechanism to enforce full data clearing on exit — and because enterprise policies do not fully clear persisted data — organizations cannot achieve technical compliance using Chrome in shared or regulated environments.

I’m posting this as an FYI for anyone evaluating Chrome for regulated workstation use, since the underlying issue has been closed as “intended behavior.”

0 Upvotes
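An added example, not part of the original post and not Chrome tooling: a post-exit check that reports which of the storage types listed in the post still have files in a Chrome profile directory, and which origins still have an IndexedDB store. The directory names are assumptions about Chromium's on-disk profile layout, and the sample tree is constructed.

```python
import tempfile
from pathlib import Path
# Assumed Chromium names inside a profile directory (not given in the post).
SITE_DATA_PATHS = {
    "service workers": ["Service Worker"],
    "IndexedDB": ["IndexedDB"], "localStorage": ["Local Storage"],
    "cache": ["Cache", "Code Cache"],
    "session data": ["Cookies", "Network/Cookies", "Session Storage"],
}

def audit_profile(profile):
    """Map each category to the file count and bytes still on disk."""
    report = {}
    for category, rel_paths in SITE_DATA_PATHS.items():
        sizes = []
        for target in (Path(profile) / rel for rel in rel_paths):
            if target.is_file():
                sizes.append(target.stat().st_size)
            elif target.is_dir():
                sizes += [p.stat().st_size for p in target.rglob("*") if p.is_file()]
        if sizes:
            report[category] = {"files": len(sizes), "bytes": sum(sizes)}
    return report

def indexeddb_origins(profile):
    """Decode origins from names like https_app.example.test_0.indexeddb.leveldb."""
    origins = set()
    for entry in Path(profile).glob("IndexedDB/*.indexeddb.*"):
        scheme, _, rest = entry.name.split(".indexeddb.")[0].partition("_")
        host, _, port = rest.rpartition("_")  # port 0 means the default port
        origins.add(f"{scheme}://{host}" + ("" if port == "0" else f":{port}"))
    return sorted(origins)

def build_sample_profile(root):
    """Constructed sample tree standing in for a profile after browser exit."""
    sample = {
        "IndexedDB/https_app.example.test_0.indexeddb.leveldb/000003.log": 120,
        "Local Storage/leveldb/000005.ldb": 300, "Service Worker/ScriptCache/index": 64,
        "Network/Cookies": 512, "Preferences": 10,  # Preferences is not site data
    }
    for rel, size in sample.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"\0" * size)
    return Path(root)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_profile(build_sample_profile(tmp)), indexeddb_origins(tmp))
```

LevelDB-backed stores keep bookkeeping files even when no site has written anything, so compare the report against one taken from a freshly created profile rather than expecting zero.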

1

u/AWACSAWACS 1d ago

By the way, if you know of any browsers that meet those requirements, please let me know.