Detect Chrome Zero-day vulnerable servers using PowerShell (2022)

Security threats are constant, and keeping our clients safe is our foremost duty. Google recently issued a statement about a dangerous vulnerability, the year's first zero-day threat in Chrome. Servers with the latest Chrome update installed are not affected, but older versions of Google Chrome are vulnerable. We therefore need a way to identify the lurking threat by detecting the servers that still run an old Chrome version.

CVE-2022-0609 – rated high severity by Google

The flaw is a “use after free” weakness (CWE-416) in the Animation component that, if successfully exploited, could corrupt valid data and allow arbitrary code to be executed on affected systems.

Use-after-free vulnerabilities are frequently exploited to execute arbitrary code on unpatched victim systems or to escape the browser's security sandbox.

On machines running unpatched Chrome versions, successful exploitation of this issue could allow attackers to run arbitrary code.

 

Workarounds / Solutions

To fix CVE-2022-0609, follow these instructions from Google (which are also linked below for your convenience):

Google Chrome > Help > About Google Chrome (from the Chrome menu)

How to detect Chrome Zero-day vulnerable devices using PowerShell?

It is tedious to check by hand whether each server has Chrome installed and whether the installed version is vulnerable. Hence I have created a simple script that reports the installed Chrome version for each server, so that we can decide whether an update is needed.

#Step 1

In $filepath, set the path of the server list, which is a plain text file.

The if condition checks whether the path we gave is correct.

-ErrorAction Stop means that if the path is wrong, the PowerShell script will stop.

				
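    # Path to the text file that lists the servers, one name per line
    $filepath = "C:\Users\administrator\Desktop\servers.txt"
    if ((Test-Path $filepath) -eq $true) {
        # Stop the script if the list cannot be read
        $servers = Get-Content $filepath -ErrorAction Stop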

#Step 2

If you have been following my posts, you will not be surprised to see Foreach again. If you are still not clear about Foreach then you should check this link out.

$output is kept empty so that it can be filled with the result generated in each loop.

The if condition checks whether we can connect from the source to the destination server over port 5985, because we are querying the remote server via WinRM. As we are using Invoke-Command, port 5985 must be reachable. If the connection over that port fails, we have to check the server manually and identify the Chrome version.

$Version checks for the presence of Google Chrome and, with the help of the filter, returns the version details. You can use the same filter to get the details of any installed application.

$output now holds the result as (Computer name, Chrome version), and this $output is written to a CSV or text file.

				
        foreach ($server in $servers) {
            $output = ""
            Write-Host -ForegroundColor Yellow "Checking Port status for server" $server
            # Invoke-Command uses WinRM, which listens on TCP 5985
            if ((Test-NetConnection -ComputerName $server -Port 5985).TcpTestSucceeded -eq $true) {
                Write-Host -ForegroundColor Green "Port Connection Successful : $server, Fetching information..."
                $output = Invoke-Command -ComputerName $server -ScriptBlock {
                    # Read the uninstall entries and keep only the Google Chrome one
                    $Version = Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* |
                        Where-Object { $_.DisplayName -like 'google chrome' } |
                        Select-Object DisplayVersion
                    # Result row: computer name, Chrome version
                    $output = $env:COMPUTERNAME + "," + $Version.DisplayVersion
                    return $output
                }
                $output | Out-File -FilePath "C:\Users\administrator\Desktop\chromeversion.csv" -Append -Force
            }

#Step 3

In this else condition, if the port is not open between the source and destination server, $output will be "$server,WinRm Issue".

The $output value is appended to the same file as in #Step 2.

You must be wondering why I have used $env:COMPUTERNAME in #Step 2 and $server in #Step 3, but let me tell you both are the same, as we are looping through the list of servers.

The last else belongs to the if condition we used in #Step 1 and prints the defined error.

				
            else {
                Write-Host -ForegroundColor Red "Port is not Open from the server you are running Script for Destination $server"
                $output = "$server,WinRm Issue"
                $output | Out-File -FilePath "C:\Users\administrator\Desktop\chromeversion.csv" -Append -Force
            }
        }
    }
    else { Write-Host -ForegroundColor Black -BackgroundColor Red "input server file not found " }
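
The report written by the script still has to be compared against the fixed Chrome build before you can say which servers need an update. The following is an added example, not part of the original script: it classifies each "Computer,Version" row, and the function name, host names, sample versions and the $FixedVersion value are constructed placeholders, so set $FixedVersion to the fixed build named in Google's advisory.

```powershell
# Added example: classify the "Computer,Version" rows written by the script above.
function Get-ChromePatchStatus {
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string[]]$Lines,
        [Parameter(Mandatory)][version]$FixedVersion
    )
    foreach ($line in $Lines) {
        if ([string]::IsNullOrWhiteSpace($line)) { continue }
        # Split on the first comma only: name on the left, version or note on the right
        $name, $raw = $line -split ',', 2
        $raw = "$raw".Trim()
        $parsed = $null
        $status = if ($raw -eq 'WinRm Issue') {
            'Unreachable'        # port 5985 was closed, check this server manually
        } elseif ($raw -eq '') {
            'ChromeNotFound'     # no matching uninstall entry was returned
        } elseif (-not [version]::TryParse($raw, [ref]$parsed)) {
            'Unparsed'           # unexpected value, review by hand
        } elseif ($parsed -lt $FixedVersion) {
            'NeedsUpdate'        # numeric comparison per version component
        } else {
            'Patched'
        }
        [pscustomobject]@{ Computer = $name.Trim(); Version = $raw; Status = $status }
    }
}

# Constructed sample rows in the format the script writes (not real hosts or builds).
$sample = @(
    'SRV01,1.0.0.1'
    'SRV02,3.0.0.1'
    'SRV03,'
    'SRV04,WinRm Issue'
)

# PLACEHOLDER threshold: replace with the fixed build from Google's advisory.
$FixedVersion = [version]'2.0.0.0'

Get-ChromePatchStatus -Lines $sample -FixedVersion $FixedVersion | Format-Table -AutoSize

# Against the real report:
# Get-ChromePatchStatus -Lines (Get-Content 'C:\Users\administrator\Desktop\chromeversion.csv') -FixedVersion $FixedVersion
```

Casting to [version] matters here: comparing the version strings as text would sort "98.0" after "100.0".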
				
			

Conclusion

I hope you have liked the post Detect Chrome Zero-day vulnerable servers using PowerShell and will implement this whenever it is required. One thing you should always remember is to try the script with one server first, so that it will be easy for you to make changes. Let me know if you want a blog post on some other script that might amaze you.
