Chrome 104 Audit

Find Outdated Chrome Installations

Google released Chrome 104. In this release, Google fixed 27 security issues and added additional features. The new features include:

  • Chrome 104 increases the nesting threshold for setTimeouts and setIntervals.
  • Chrome sends Private Network Access preflights for subresources.
  • Privacy Sandbox updates.
  • Improved first run experience on iOS with fewer steps and a more intuitive way to sign into Chrome.
  • Chrome 104 no longer supports OS X 10.11 and macOS 10.12, as they are no longer supported by Apple. Users have to update their operating systems in order to continue running Chrome browser.
  • Changes in cookie expiration date limit. Newly set or refreshed cookies have their expiration date limited to no more than 400 days in the future.
  • Intent to remove: Legacy Client Hint mode. The Android behavior now replicates that of all other platforms, which is to only delegate to the first party frame and subresources by default.
  • U2F API is no longer supported.
  • Improved first run experience changes on Windows with a different sequence of onboarding steps.
  • New calendar integration on iOS allows users to add the event to their calendar without switching apps.
  • HTTPS-First mode for iOS attempts to upgrade all navigations to HTTPS.
  • Block iframe contexts navigating to filesystem: URLs.
  • Preconnecting on downpressed links to increase page loading performance.
  • New and updated policies in Chrome browser.

More details on all of these features can be found on the Chrome Status page. As always, Google takes its time with putting out a larger blog post covering the most important changes however, you can find a very brief summary on the Chrome release page.

With the report below, you can easily find which computers in your network do not have this latest Chrome version installed. Simply run the report to get a complete overview of your environment.

Run our Chrome 104 Query

Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tsysAssetTypes.AssetTypename As AssetType,
tblAssets.Username,
tblAssets.Userdomain,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
tblSoftwareUni.softwareName As Software,
tblSoftware.softwareVersion As Version,
tblSoftwareUni.SoftwarePublisher As Publisher,
Case
When Cast(ParseName(tblSoftware.softwareVersion, 4) As int) > 104 Then
'Up to date'
When Cast(ParseName(tblSoftware.softwareVersion, 4) As int) = 104 And
Cast(ParseName(tblSoftware.softwareVersion, 2) As int) > 5112 Then
'Up to date'
When Cast(ParseName(tblSoftware.softwareVersion, 4) As int) = 104 And
Cast(ParseName(tblSoftware.softwareVersion, 2) As int) = 5112 And
Cast(ParseName(tblSoftware.softwareVersion, 1) As int) >= 79 Then
'Up to date'
Else 'Out of date'
End As [Patch Status],
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tsysOS.OSname As OS,
tblAssets.SP,
tblAssets.Lastseen,
tblAssets.Lasttried,
tblSoftware.Lastchanged,
Case
When Cast(ParseName(tblSoftware.softwareVersion, 4) As int) > 104 Then
'#d4f4be'
When Cast(ParseName(tblSoftware.softwareVersion, 4) As int) = 104 And
Cast(ParseName(tblSoftware.softwareVersion, 2) As int) > 5112 Then
'#d4f4be'
When Cast(ParseName(tblSoftware.softwareVersion, 4) As int) = 104 And
Cast(ParseName(tblSoftware.softwareVersion, 2) As int) = 5112 And
Cast(ParseName(tblSoftware.softwareVersion, 1) As int) >= 79 Then
'#d4f4be'
Else '#ffadad'
End As backgroundcolor
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where tblSoftwareUni.softwareName Like '%Google Chrome%' And
tblSoftwareUni.SoftwarePublisher Like '%Google%' And tblState.Statename =
'Active'

Google Chrome 104 CVE Codes

SeverityCVEDescription
HighCVE-2022-2603Use after free in Omnibox.
HighCVE-2022-2604Use after free in Safe Browsing.
HighCVE-2022-2605Out of bounds read in Dawn.
HighCVE-2022-2606Use after free in Managed devices API.
HighCVE-2022-2607Use after free in Tab Strip.
HighCVE-2022-2608Use after free in Overview Mode.
HighCVE-2022-2609Use after free in Nearby Share.
MediumCVE-2022-2610Insufficient policy enforcement in Background Fetch.
MediumCVE-2022-2611Inappropriate implementation in Fullscreen API.
MediumCVE-2022-2612Side-channel information leakage in Keyboard input.
MediumCVE-2022-2613Use after free in Input.
MediumCVE-2022-2614Use after free in Sign-In Flow.
MediumCVE-2022-2615Insufficient policy enforcement in Cookies.
MediumCVE-2022-2616Inappropriate implementation in Extensions API.
MediumCVE-2022-2617Use after free in Extensions API.
MediumCVE-2022-2618Insufficient validation of untrusted input in Internals.
MediumCVE-2022-2619Insufficient validation of untrusted input in Settings.
MediumCVE-2022-2620Use after free in WebUI.
MediumCVE-2022-2621Use after free in Extensions.
MediumCVE-2022-2622Insufficient validation of untrusted input in Safe Browsing.
MediumCVE-2022-2623Use after free in Offline.
MediumCVE-2022-2624Heap buffer overflow in PDF.

 

Audit and Take Action in 3 Easy Steps

1. Download & Install Lansweeper

3. Run the Audit & Take Action

Download Lansweeper to Run this Audit