Download Chrome Latest Version
Nasha Goodridge
Hi @gabe_verrault
We have detected the same problem. after the last scan 3 days ago, the number of vulnerabilities found has exploded. On many Windows 10 clients (LTSB and SAC) Google Chrome version 68.73.16498 was detected and accordingly 700+ vulnerabilities were reported per client. Interestingly, on both SCCM and Nexthink this result was confirmed. Meaning that version 68.73.16498 is installed on the clients. MDATP however says that version: 89.0.4389.114 or newer is installed. Also the direct check on the client showed that a new version is installed and not 68.73.16498. I will definitely create a support case today. We apparently have over a million Chrome vulnerabilities.
Regards
David
Are you guys using PatchMyPC to deploy Google Chrome? That is what we are using and from what I understand PacthMyPC used to modify the version number in the Chrome Enterprise Edition msi file. When I open the Chrome Enterprise Edition msi file for Chrome 91.0.4472.77 the version number reported in the MSI is 68.94.77.
Hello everyone
Support has confirmed to me that this Wednesday a fix will be implemented which will fix the problem with GoogleChrome Vulns. Wanted to note this here briefly.
Best regards
David
The issue I stated earlier last week in regards to a known defect for which we will ship a release this week, on Wednesday June, 16th which will resolve the issue where we are inadvertently fingerprinting Google Chrome plugins as installations of Google Chrome thus causing False Positives in your environments.
Previously, the scan-engine and agent-based assessments only relied on the version of Chrome that was seen in the Windows Registry to make determinations about vulnerabilities. This was unreliable, as updates to (or removals of) Chrome could potentially not be reflected in the Registry and many customers reported back False Positives as a result and so we worked to change this fingerprinting methodology.
On June 2, we released a change such that instead of relying on versions in the Registry, the product now looks at the file path referenced in the Registry, and confirms the Chrome executable exists there, and uses that version instead when comparing to known affected versions of vulnerabilities. If the file does not exist we included the fall back method to still fingerprint from registry.
When it comes to Enterprise chrome installs we have to rely on the registry as an authority as the registry key itself provides no information on where the executable is located; we would have to search the entire file system to attempt to find the executable to confirm the version (why is there no yikes emoji here? ) In other words, the most notable difference for us is the complete absence of an install location field, this means that we are not able to confirm the presence of the executable on disk as the registry key contains no information to point us towards its location. In a case like this we have to refer to the registry as an authority as if we do not we simply would have to assert that there is nothing present, entirely removing all fingerprinting for Enterprise Chrome.
Hello everyone
short update from my side. Last Tuesday we scanned our entire network for vulnerabilities. The total number of Google Chrome vulnerabilities has decreased from 1.3 million to 370000. Which is a good sign that the fix has brought an improvement. Interestingly, there are still some Windows 10 clients that have an unusually high number of Google Chrome vulnerabilities. Here are a few screenshots from Rapid 7 and Microsoft 365 Defender.
In this example you can see that 3 clients have only 36 Google Chrome vulnerabilities and one client has 728 Google Chrome vulnerabilities. In this case, the outdated Chrome version 68.83.32980 is being displayed.
However, Microsoft defender shows that this client also has version 90.0.4430.212 installed.
Hey all - hope everyone is doing well! I just wanted to let you know that for the workaround our team is developing for Enterprise Chrome we are currently estimated to have a fix out for the end of the month. This could absolutely shift (I hope earlier!! ) as they go through testing but I will try my best to keep this thread updated for you all if it slips further for any reason. Have a great night!
Hi @andy_taylor
Thanks for the compliment. Since Rapid7 Nexpose does not offer any possibilities to create dashboards and the available reports are rather generic and cannot be optimally customized, I created a vulnerability dashboard using PowerBI.
The whole development took me quite a lot of time last year, but now all the effort has paid off. We in the SOC inform the system and application owners about the latest scan results, which they can then view in detail on the dashboard. For various reasons, we do not want to use insightVM at the moment.
Right now it looks like the version of JXBrowser we landed on for the other components breaks on-screen keyboard functionality in Workstation. I think they're planning to start working backwards from the newer version to see if they can find one that works for now.
To make sure you're protected by the latest security updates, Google Chrome can automatically update when a new version of the browser is available on your device. With these updates, you might sometimes notice that your browser looks different.
The browser saves your opened tabs and windows and reopens them automatically when it restarts. Your Incognito windows won't reopen when Chrome restarts. If you'd prefer not to restart right away, click Not now. The next time you restart your browser, the update will be applied.
Switching to a newer Chrome version would allow for this new pseudo-class to be used. This would make many new things possible and many already possible things much, much easier to achieve, most importantly without any JS, which would alleviate the need for having many little JS snippets running on every keystroke.
Yes, updating the Electron version is overdue. It will probably happen with the next larger public release. I guess it was not done this time because the developers were so busy with the new Canvas feature. Updating to the new Electron/Chrome version will also fix a lot of other pending bugs and quirks e.g. regarding font rendering on the Mac.
I'm developing a Lua script to access application version information found in the Windows registry, but can't find a registry key associated with the current installed version of Google Chrome Browser.
Another way although not through the registry would be to check the folders in Users/[username]/AppData/Local/Google/Chrome/Application. I have a folder with the latest version number in there. (and a folder with an older version).
I'd love to have a bit more context behind your issue here. Have you followed the instructions outlined by that error and tried to update your Google Chrome? Can you let me know what specifically happens when trying to use Shopify on Chrome?
Imogen Social Care @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit the Shopify Help Center or the Shopify Blog
Hi Imogen, I tried to update Chrome, but I have the latest one apparently. I'm not sure if anything is different when I use Chrome. I just press " continue with unsupported browser", which is the Chrome version I am having the issue with. No similar messages when using other browsers. Just when I am using Chrome on an ipad. The ipad is updated to latest operating system, and I have cleared all cookies.
Thanks for letting me know you tried a cache/cookies clear. I may request that you do this again, as its a step we always ask to be completed when troubleshooting. Researching is showing me that these types of issues are often localized to the devices being used, which also ties in to it being a browser specific error. These errors almost always arise from cache/cookies data being saved.
So, the cause of the problem possiblly resides in the latest version of Chrome, not in Katalon Studio. If you have got any problem, you should downgrade your Chrome installation and configure it so that it does not auto-upgrade.
For forcing this update I created a policy that installs the latest version of Chrome (I downloaded it from the official Google Chrome Website). After installing, it quits the browser via script so the update can be applied.
@leonwun we have used the script below with real good results. It looks tot eh version on the device, compares itt ot he version on the Web. Updates it as needed. I did not build that script but whoever did, we thank you!
Right now we run that weekly, but when there is a critical update to be had, aka the last one, we run the policy at check in. When 75% of the devices have received the newest Chrome update, we back it off to Weekly.
Good luck to you.
Jamf's purpose is to simplify work by helping organizations manage and secure an Apple experience that end users love and organizations trust. Jamf is the only company in the world that provides a complete management and security solution for an Apple-first environment that is enterprise secure, consumer simple and protects personal privacy. Learn about Jamf.
This site contains User Content submitted by Jamf Nation community members. Jamf does not review User Content submitted by members or other third parties before it is posted. All content on Jamf Nation is for informational purposes only. Information and posts may be out of date when you view them. Jamf is not responsible for, nor assumes any liability for any User Content or other third-party content appearing on Jamf Nation.
59fb9ae87f