Google Chrome Arbitrary Code Execution Vulnerability Report

Posted: Thursday, May 31, 2018 3:33:13 PM(UTC)
Esben.D Member Administration Original Poster Posts: 1,933
The report below provides an overview of all Windows assets in your Lansweeper installation which have a Google Chrome version not like version 67.%

Please note that if you have Chrome installations above version 67, they will also be displayed in the report.

To update your Google Chrome you can either download the Google Chrome Enterprise bundle for deployment on your network or simply let users update and restart their Google Chrome by following these instructions.

Code:
Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tblAssets.Username,
  tblAssets.Userdomain,
  Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
  tblAssets.IPAddress,
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tsysOS.OSname As OS,
  tblAssets.SP,
  tblAssets.Lastseen,
  tblAssets.Lasttried,
  tblSoftwareUni.softwareName As Software,
  tblSoftware.softwareVersion As Version,
  tblSoftwareUni.SoftwarePublisher As Publisher,
  tblSoftware.Lastchanged
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tsysIPLocations On tsysIPLocations.LocationID =
    tblAssets.LocationID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
  Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
  Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where tblSoftwareUni.softwareName = 'Google Chrome' And
  tblSoftware.softwareVersion Not Like '67.%' And tblState.Statename = 'Active'
Order By tblAssets.Domain,
  tblAssets.AssetName,
  Software
dlwhite
#1dlwhite Member Posts: 2  
posted: 6/1/2018 2:48:05 PM(UTC)
I seem to get this error:
Invalid SELECT statement. Unexpected token " Inner" at line 21, pos 1.: Unexpected token " Inner" at line 21, column 1
montgomeryam
#2montgomeryam Member Posts: 3  
posted: 6/1/2018 4:19:18 PM(UTC)
This is also only for Windows Assets. I used UNION to include both Mac and Linux Assets.
ChopperDave
#3ChopperDave Member Posts: 3  
posted: 6/1/2018 5:12:58 PM(UTC)
The way this is pulling the version isn't reliable. The software version is not accurate. You need to add a registry scan for RegPath: SOFTWARE\WOW6432Node\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96} and RegValue: pv

Then change the report to pull from that:
Code:
Where tblSoftwareUni.softwareName = 'Google Chrome' And
tblRegistry.Value Not Like '67.%' And tblSoftware.softwareVersion Not Like
'67.%' And tblState.Statename = 'Active' And tblRegistry.Regkey Like
'%SOFTWARE\WOW6432Node\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}'


Not sure if that works for all versions of Chrome, but it has for all the 66.x and 65.x versions that have been installed at our office.
kjohnson
#4kjohnson Member Posts: 5  
posted: 6/1/2018 5:14:21 PM(UTC)
Originally Posted by: montgomeryam
This is also only for Windows Assets. I used UNION to include both Mac and Linux Assets.


Can you post the code for this please. I am not sure what you mean by you use "UNION". I need to see all vulnerable devices whether Windows, Mac, or Linux on my system and I have all three systems within my environment. Thanks
montgomeryam
#5montgomeryam Member Posts: 3  
posted: 6/1/2018 5:20:08 PM(UTC)
Quote:
Originally Posted by: kjohnson
Originally Posted by: montgomeryam
This is also only for Windows Assets. I used UNION to include both Mac and Linux Assets.


Can you post the code for this please. I am not sure what you mean by you use "UNION". I need to see all vulnerable devices whether Windows, Mac, or Linux on my system and I have all three systems within my environment. Thanks


Happy to!

This is what I did. I fit it to our needs, so it might not be what you want, but should give you a good example of how to use a UNION.

Code:

Select Top 1000000
tblAssets.AssetID,
tblAssets.AssetName,
tsysAssetTypes.AssetTypename As [Asset Type],
Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.IPAddress,
tsysOS.OSname As OS,
tblSoftwareUni.softwareName As Software,
tblSoftware.softwareVersion As Version
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where tblSoftwareUni.softwareName Like 'Google%Chrome' And
tblSoftware.softwareVersion < '67.%' And tblState.Statename = 'Active'
UNION
Select Top 1000000
tblAssets.AssetID,
tblAssets.AssetName,
tsysAssetTypes.AssetTypename As [Asset Type],
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
tblMacOSInfo.SystemVersion As OS,
tblSoftwareUni.softwareName As Software,
tblMacApplications.Version As Version
From tblAssets
Inner Join tblMacOSInfo On tblMacOSInfo.AssetID = tblAssets.AssetID
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Inner Join tblMacApplications
On tblAssets.AssetID = tblMacApplications.AssetID
Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblMacApplications.softid
Where tblState.Statename = 'Active'
and
softwareName like 'google%chrome%'
and
Version < '67.%'
UNION
Select Top 1000000
tblAssets.AssetID,
tblAssets.AssetName,
tsysAssetTypes.AssetTypename As [Asset Type],
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
tblLinuxSystem.OSRelease As OS,
tblSoftwareUni.softwareName As Software,
tblLinuxSoftware.Version As Version
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Inner Join tblLinuxSoftware On tblAssets.AssetID = tblLinuxSoftware.AssetID
Inner Join tblSoftwareUni On tblSoftwareUni.SoftID =
tblLinuxSoftware.SoftwareUniID
Inner Join tblLinuxSystem On tblAssets.AssetID = tblLinuxSystem.AssetID
Where tsysAssetTypes.AssetTypename = 'Linux'
And
tblState.Statename = 'Active'
and
softwareName like '%chrome%'
and
tblLinuxSoftware.Version < '67.%'
Esben.D
#6 Esben.D Member Administration Original Poster Posts: 1,933
posted: 6/4/2018 8:29:02 AM(UTC)
Originally Posted by: dlwhite
I seem to get this error:
Invalid SELECT statement. Unexpected token " Inner" at line 21, pos 1.: Unexpected token " Inner" at line 21, column 1


Most likely you accidentally copied a space or other character with the query. Try copying the code again.
Dennis B
#7Dennis B Member Posts: 4  
posted: 6/13/2018 3:04:05 PM(UTC)
When I run this report, it shows all of my desktop PCs and their Chrome versions, even the ones that have updated themselves to a non-vulnerable version.

Is that the intended result of this report? I feel that I created the report correctly - copied / pasted into a new report - or is something not working properly.

Thanks,
montgomeryam
#8montgomeryam Member Posts: 3  
posted: 6/13/2018 3:11:50 PM(UTC)
Originally Posted by: Dennis B
When I run this report, it shows all of my desktop PCs and their Chrome versions, even the ones that have updated themselves to a non-vulnerable version.

Is that the intended result of this report? I feel that I created the report correctly - copied / pasted into a new report - or is something not working properly.

Thanks,



The original report is set to look for anything that is not Chrome 67.% so you will see everything that doesn't match that, including hosts that have patched past 67.0.

I would recommend changing this line in your report:
Code:
Where tblSoftwareUni.softwareName = 'Google Chrome' And
tblSoftware.softwareVersion Not Like '67.%' And tblState.Statename = 'Active'


to

Code:
Where tblSoftwareUni.softwareName = 'Google Chrome' And
tblSoftware.softwareVersion < '67.%' And tblState.Statename = 'Active'
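
As an added example (not part of any post in this thread and not Lansweeper's own code), the query below evaluates the original Not Like '67.%' predicate, the string < '67.%' variant and a numeric comparison of the major version side by side over constructed version strings. It assumes SQL Server 2012 or later for Try_Cast; the sample values and column aliases are made up for illustration, and it is a stand-alone query rather than a Lansweeper report.

```sql
-- Stand-alone T-SQL: compares three ways of flagging "Chrome older than 67".
-- The version strings are constructed sample input, not inventory data.
Select v.softwareVersion,
  -- Predicate from the original report: flags every version that is not
  -- 67.x, so builds newer than 67 are flagged as well.
  Case When v.softwareVersion Not Like '67.%'
       Then 1 Else 0 End As NotLikeFlag,
  -- Predicate from the reply: a string comparison, evaluated character by
  -- character, so a three-digit major starting with '1' sorts below '67.'
  -- and a single-digit major such as '9' sorts above it.
  Case When v.softwareVersion < '67.%'
       Then 1 Else 0 End As StringLessFlag,
  -- Numeric comparison: take the text before the first dot and compare it
  -- as an integer. Try_Cast returns NULL for a non-numeric prefix, which
  -- makes the comparison unknown and the flag 0 instead of raising an error.
  Case When Try_Cast(Left(v.softwareVersion,
                          CharIndex('.', v.softwareVersion + '.') - 1)
                     As int) < 67
       Then 1 Else 0 End As NumericMajorFlag
From (Values
        ('9.0.597.98'),
        ('65.0.3325.181'),
        ('66.0.3359.139'),
        ('67.0.3396.62'),
        ('67.0.3396.87'),
        ('68.0.3440.75'),
        ('100.0.4896.60'),
        ('unknown')
     ) As v (softwareVersion)
Order By Try_Cast(Left(v.softwareVersion,
                       CharIndex('.', v.softwareVersion + '.') - 1) As int);
```

Rows where the three flag columns disagree are the versions that one of the text-based predicates misclassifies.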


Esben.D
#9 Esben.D Member Administration Original Poster Posts: 1,933
posted: 6/13/2018 3:51:03 PM(UTC)
Originally Posted by: montgomeryam
The original report is set to look for anything that is not Chrome 67.% so you will see everything that doesn't match that, including hosts that have patched past 67.0.


Good point. I'll update the main post to make this more clear. However, the official latest release at this moment is still 67.0.3396.87 for which the original report should work fine.
Dennis B
#10Dennis B Member Posts: 4  
posted: 6/13/2018 7:39:07 PM(UTC)
Originally Posted by: montgomeryam
Originally Posted by: Dennis B
When I run this report, it shows all of my desktop PCs and their Chrome versions, even the ones that have updated themselves to a non-vulnerable version.

Is that the intended result of this report? I feel that I created the report correctly - copied / pasted into a new report - or is something not working properly.

Thanks,



The original report is set to look for anything that is not Chrome 67.% so you will see everything that doesn't match that, including hosts that have patched past 67.0.

I would recommend changing this line in your report:
Code:
Where tblSoftwareUni.softwareName = 'Google Chrome' And
tblSoftware.softwareVersion Not Like '67.%' And tblState.Statename = 'Active'


to

Code:
Where tblSoftwareUni.softwareName = 'Google Chrome' And
tblSoftware.softwareVersion < '67.%' And tblState.Statename = 'Active'




Thanks. I'll give it a try.
