Notification

Icon
Error

Google Chrome Arbitrary Code Execution Vulnerability Report

Posted: Thursday, May 31, 2018 3:33:13 PM(UTC)
Esben.D

Esben.D

Member Administration Original PosterPosts: 1,982
1
Like
The report below provides an overview of all Windows assets in your Lansweeper installation which have a Google Chrome version not like version 67.%

Please note that if you have Chrome installations above version 67, they will also be displayed in the report.

To update you Google Chrome you can either download the Google Chrome Enterprise bundle for deployment on your network or simply let users update and restart their Google chrome by following these instructions.

Code:
Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tblAssets.Username,
  tblAssets.Userdomain,
  Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
  tblAssets.IPAddress,
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tsysOS.OSname As OS,
  tblAssets.SP,
  tblAssets.Lastseen,
  tblAssets.Lasttried,
  tblSoftwareUni.softwareName As Software,
  tblSoftware.softwareVersion As Version,
  tblSoftwareUni.SoftwarePublisher As Publisher,
  tblSoftware.Lastchanged
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tsysIPLocations On tsysIPLocations.LocationID =
    tblAssets.LocationID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
  Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
  Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where tblSoftwareUni.softwareName = 'Google Chrome' And
  tblSoftware.softwareVersion Not Like '67.%' And tblState.Statename = 'Active'
Order By tblAssets.Domain,
  tblAssets.AssetName,
  Software
dlwhite
#1dlwhite Member Posts: 2  
posted: 6/1/2018 2:48:05 PM(UTC)
I seem to get this error:
Invalid SELECT statement. Unexpected token " Inner" at line 21, pos 1.: Unexpected token " Inner" at line 21, column 1
montgomeryam
#2montgomeryam Member Posts: 3  
posted: 6/1/2018 4:19:18 PM(UTC)
This is also only for Windows Assets. I used UNION to include both Mac and Linux Assets.
ChopperDave
#3ChopperDave Member Posts: 3  
posted: 6/1/2018 5:12:58 PM(UTC)
The way this is pulling the version isn't reliable. The software version is not accurate. You need to add a registry scan for RegPath: SOFTWARE\WOW6432Node\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96} and RegValue: pv

Then change the report to pull from that:
Code:
Where tblSoftwareUni.softwareName = 'Google Chrome' And
tblRegistry.Value Not Like '67.%' And tblSoftware.softwareVersion Not Like
'67.%' And tblState.Statename = 'Active' And tblRegistry.Regkey Like
'%SOFTWARE\WOW6432Node\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}'


Not sure if that works for all versions of Chrome, but it has for all the 66.x and 65.x versions that have been installed at our office.
kjohnson
#4kjohnson Member Posts: 5  
posted: 6/1/2018 5:14:21 PM(UTC)
Originally Posted by: montgomeryam Go to Quoted Post
This is also only for Windows Assets. I used UNION to include both Mac and Linux Assets.


Can you post the code for this please. I am not sure what you mean by you use "UNION". I need to see all vulnerable devices whether Windows, Mac, or Linux on my system and I have all three systems within my environment. Thanks
montgomeryam
#5montgomeryam Member Posts: 3  
posted: 6/1/2018 5:20:08 PM(UTC)
Quote:
Originally Posted by: kjohnson Go to Quoted Post
Originally Posted by: montgomeryam Go to Quoted Post
This is also only for Windows Assets. I used UNION to include both Mac and Linux Assets.


Can you post the code for this please. I am not sure what you mean by you use "UNION". I need to see all vulnerable devices whether Windows, Mac, or Linux on my system and I have all three systems within my environment. Thanks


Happy to!

This is what I did. I fit it to our needs, so it might not be what you want, but should give you a good example of how to use a UNION.

Code:

Select Top 1000000
tblAssets.AssetID,
tblAssets.AssetName,
tsysAssetTypes.AssetTypename As [Asset Type],
Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.IPAddress,
tsysOS.OSname As OS,
tblSoftwareUni.softwareName As Software,
tblSoftware.softwareVersion As Version
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where tblSoftwareUni.softwareName = 'Google%Chrome' And
tblSoftware.softwareVersion < '67.%' And tblState.Statename = 'Active'
UNION
Select Top 1000000
tblAssets.AssetID,
tblAssets.AssetName,
tsysAssetTypes.AssetTypename As [Asset Type],
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
tblMacOSInfo.SystemVersion As OS,
tblSoftwareUni.softwareName As Software,
tblMacApplications.Version As Version
From tblAssets
Inner Join tblMacOSInfo On tblMacOSInfo.AssetID = tblAssets.AssetID
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Inner Join tblMacApplications
On tblAssets.AssetID = tblMacApplications.AssetID
Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblMacApplications.softid
Where tblState.Statename = 'Active'
and
softwareName like 'google%chrome%'
and
Version < '67.%'
UNION
Select Top 1000000
tblAssets.AssetID,
tblAssets.AssetName,
tsysAssetTypes.AssetTypename As [Asset Type],
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
tblLinuxSystem.OSRelease As OS,
tblSoftwareUni.softwareName As Software,
tblLinuxSoftware.Version As Version
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Inner Join tblLinuxSoftware On tblAssets.AssetID = tblLinuxSoftware.AssetID
Inner Join tblSoftwareUni On tblSoftwareUni.SoftID =
tblLinuxSoftware.SoftwareUniID
Inner Join tblLinuxSystem On tblAssets.AssetID = tblLinuxSystem.AssetID
Where tsysAssetTypes.AssetTypename = 'Linux'
And
tblState.Statename = 'Active'
and
softwareName like '%chrome%'
and
tblLinuxSoftware.Version < '67.%'
Esben.D
#6Esben.D Member Administration Original PosterPosts: 1,982  
posted: 6/4/2018 8:29:02 AM(UTC)
Originally Posted by: dlwhite Go to Quoted Post
I seem to get this error:
Invalid SELECT statement. Unexpected token " Inner" at line 21, pos 1.: Unexpected token " Inner" at line 21, column 1


Most likely you accidentally copied a space or other character with the query. Try copying the code again.
Dennis B
#7Dennis B Member Posts: 4  
posted: 6/13/2018 3:04:05 PM(UTC)
When I run this report, it shows all of my desktop PCs and their Chrome versions, even the ones that have updated themselves to a non-vulnerable version.

Is that the intended result of this report? I feel that I created the report correctly - copied / pasted into a new report - or is something not working properly.

Thanks,
montgomeryam
#8montgomeryam Member Posts: 3  
posted: 6/13/2018 3:11:50 PM(UTC)
Originally Posted by: Dennis B Go to Quoted Post
When I run this report, it shows all of my desktop PCs and their Chrome versions, even the ones that have updated themselves to a non-vulnerable version.

Is that the intended result of this report? I feel that I created the report correctly - copied / pasted into a new report - or is something not working properly.

Thanks,



The original report is set to look for anything that is not Chrome 67.% so you will see everything that doesn't match that, including host that have patched past 67.0.

I would recommend to change this line in your report:
Code:
Where tblSoftwareUni.softwareName = 'Google Chrome' And
tblSoftware.softwareVersion Not Like '67.%' And tblState.Statename = 'Active'


to

Code:
Where tblSoftwareUni.softwareName = 'Google Chrome' And
tblSoftware.softwareVersion < '67.%' And tblState.Statename = 'Active'


Esben.D
#9Esben.D Member Administration Original PosterPosts: 1,982  
posted: 6/13/2018 3:51:03 PM(UTC)
Originally Posted by: montgomeryam Go to Quoted Post
The original report is set to look for anything that is not Chrome 67.% so you will see everything that doesn't match that, including host that have patched past 67.0.


Good point. I'll update the main post to make this more clear. However, the official latest release at this moment is still 67.0.3396.87 for which the original report should work fine.
Dennis B
#10Dennis B Member Posts: 4  
posted: 6/13/2018 7:39:07 PM(UTC)
Originally Posted by: montgomeryam Go to Quoted Post
Originally Posted by: Dennis B Go to Quoted Post
When I run this report, it shows all of my desktop PCs and their Chrome versions, even the ones that have updated themselves to a non-vulnerable version.

Is that the intended result of this report? I feel that I created the report correctly - copied / pasted into a new report - or is something not working properly.

Thanks,



The original report is set to look for anything that is not Chrome 67.% so you will see everything that doesn't match that, including host that have patched past 67.0.

I would recommend to change this line in your report:
Code:
Where tblSoftwareUni.softwareName = 'Google Chrome' And
tblSoftware.softwareVersion Not Like '67.%' And tblState.Statename = 'Active'


to

Code:
Where tblSoftwareUni.softwareName = 'Google Chrome' And
tblSoftware.softwareVersion < '67.%' And tblState.Statename = 'Active'




Thanks. I'll give it a try.

Active Discussions

Lansweeper snmp trap HP 1910 switch
by  info  
Go to last post Go to first unread
Last post: Today at 11:52:17 AM(UTC)
Lansweeper Lsagent cloud relay changes the scanserver value
by  ghelpdesk   Go to last post Go to first unread
Last post: Today at 2:45:11 AM(UTC)
Lansweeper Is there a chance to get the firewall off via Lansweeper?
by  RedWood  
Go to last post Go to first unread
Last post: Yesterday at 11:23:31 PM(UTC)
Lansweeper Not working Wake on Lan
by  RedWood   Go to last post Go to first unread
Last post: Yesterday at 11:17:33 PM(UTC)
Lansweeper Wake on Lan Issues
by  RedWood  
Go to last post Go to first unread
Last post: Yesterday at 11:06:12 PM(UTC)
Lansweeper New Web Interface
by  anpatterson03   Go to last post Go to first unread
Last post: Yesterday at 10:05:19 PM(UTC)
Lansweeper LsAgent failing - Lansweeper SSL Expired
by  nlertn-PRE  
Go to last post Go to first unread
Last post: Yesterday at 9:34:12 PM(UTC)