Chrome 97 Audit

Find Outdated Chrome Installations

Google released Chrome 97 In this release, Google fixed 37 security issues and added additional features. The new features includes a feature policy for the keyboard API. Late newline normalization in form submission, Support calc(<number>) where only accepts <integer>, transform: perspective(none), HTMLScriptElement.supports(type) method, Array and TypedArray findLast and findLastIndex and WebTransport, PermissionStatus.prototype.name, and Propagate request origin and redirect chain in passthrough service workers. Details on all of these features can be found on the Chrome Status page.

Unfortunately, it seems the Chrome blog post is taking a while to put together, so until then we'll have to do with the brief listing on the Chrome release page.

Regarding security, Google fixed the following vulnerabilities disclosed by external researchers:

  • Critical CVE-2022-0096: Use after free in Storage.
  • High CVE-2022-0097: Inappropriate implementation in DevTools.
  • High CVE-2022-0098: Use after free in Screen Capture.
  • High CVE-2022-0099: Use after free in Sign-in.
  • High CVE-2022-0100: Heap buffer overflow in Media streams API.
  • High CVE-2022-0101: Heap buffer overflow in Bookmarks.
  • High CVE-2022-0102: Type Confusion in V8.
  • High CVE-2022-0103: Use after free in SwiftShader.
  • High CVE-2022-0104: Heap buffer overflow in ANGLE.
  • High CVE-2022-0105: Use after free in PDF.
  • High CVE-2022-0106: Use after free in Autofill.
  • Medium CVE-2022-0107: Use after free in File Manager API.
  • Medium CVE-2022-0108: Inappropriate implementation in Navigation.
  • Medium CVE-2022-0109: Inappropriate implementation in Autofill.
  • Medium CVE-2022-0110: Incorrect security UI in Autofill.
  • Medium CVE-2022-0111: Inappropriate implementation in Navigation.
  • Medium CVE-2022-0112: Incorrect security UI in Browser UI.
  • Medium CVE-2022-0113: Inappropriate implementation in Blink.
  • Medium CVE-2022-0114: Out of bounds memory access in Web Serial.
  • Medium CVE-2022-0115: Uninitialized Use in File API.
  • Medium CVE-2022-0116: Inappropriate implementation in Compositing.
  • Low CVE-2022-0117: Policy bypass in Service Workers.
  • Low CVE-2022-0118: Inappropriate implementation in WebShare.
  • Low CVE-2022-0120: Inappropriate implementation in Passwords.

With the report below, you can easily find which computers in your network do not have this latest Chrome version installed. Simply run the report to get a complete overview of your environment.

 

Run our Chrome 97 Query

Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tsysAssetTypes.AssetTypename As AssetType,
tblAssets.Username,
tblAssets.Userdomain,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
tblSoftwareUni.softwareName As Software,
tblSoftware.softwareVersion As Version,
tblSoftwareUni.SoftwarePublisher As Publisher,
Case
When Cast(SubString(tblSoftware.softwareVersion, 0, 3) As INT) > 97 Then
'Up to date'
When Cast(SubString(tblSoftware.softwareVersion, 0, 3) As INT) = 97 And
Cast(SubString(tblSoftware.softwareVersion, 6, 4) As INT) > 4692
Then 'Up to date'
When Cast(SubString(tblSoftware.softwareVersion, 0, 3) As INT) = 97 And
Cast(SubString(tblSoftware.softwareVersion, 6, 4) As INT) = 4692
And Cast(SubString(tblSoftware.softwareVersion, 11, 4) As INT) >= 71 Then
'Up to date'
Else 'Out of date'
End As [Patch Status],
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tsysOS.OSname As OS,
tblAssets.SP,
tblAssets.Lastseen,
tblAssets.Lasttried,
tblSoftware.Lastchanged,
Case
When Cast(SubString(tblSoftware.softwareVersion, 0, 3) As INT) > 97 Then
'#d4f4be'
When Cast(SubString(tblSoftware.softwareVersion, 0, 3) As INT) = 97 And
Cast(SubString(tblSoftware.softwareVersion, 6, 4) As INT) > 4692
Then '#d4f4be'
When Cast(SubString(tblSoftware.softwareVersion, 0, 3) As INT) = 97 And
Cast(SubString(tblSoftware.softwareVersion, 6, 4) As INT) = 4692
And Cast(SubString(tblSoftware.softwareVersion, 11, 4) As INT) >= 71 Then
'#d4f4be'
Else '#ffadad'
End As backgroundcolor
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where tblSoftwareUni.softwareName Like '%Google Chrome%' And
tblSoftwareUni.SoftwarePublisher Like '%Google%' And tblState.Statename =
'Active'

Audit and Take Action in 3 Easy Steps

1. Download & Install Lansweeper

3. Run the Audit & Take Action

Download Lansweeper to Run this Audit

Harness the Power of Reporting