Find and Remediate New Google Chrome Zero-Day Exploit Using Tanium

11.1.2019 | Boyd White

Google on October 31 disclosed two new zero-day exploits affecting Chrome and recommended an urgent update. One of these exploits is already being exploited in the wild and is referenced as CVE-2019-13720. Google stated it will roll out an update over the coming days/weeks for Windows, Mac and Linux in version 78.0.3904.87.

Tanium users can quickly find and remediate this vulnerability at enterprise scale. The following is an overview of several options available to Tanium customers.

Find vulnerable versions of Google Chrome in your environment

Use Tanium Asset to report on this vulnerability by adding Installed Applications as a simple attribute to Asset and creating a custom report to display version. Asset is ideal for reporting on comprehensive asset data and will include data for both online and offline hosts. For information on creating a report in Asset, go here.

Use Tanium Core to query and quickly search for the vulnerability for online endpoints:

Get Installed Application Version[Google Chrome] from all machines with Installed Application Version[Google Chrome] < 78.0.3904.87

To report on assets that may be offline, you may use Asset or you can save a question and issue it periodically. You may wish to include the answers for “Recent” systems by default.

Using the official CVE, Tanium Comply can help you identify and report on this vulnerability. It will be identified via a standard vulnerability scan that includes the latest updates to the Tanium Vulnerability Library (TVL). For more information on creating a report based on a vulnerability or a specific CVE, go here.

To report on this vulnerability over time, import and use the Chrome Versions gallery panel under Patch & Vulnerabilities. Patched Chrome version is 78.0.3904.87. Older versions should be considered vulnerable. For additional information on reporting using Trends, go here.

Remediating Google Chrome zero-day exploit

Use Tanium Deploy to manage Google Chrome and upgrade to the latest available version for Windows operating systems. Deploy has a Gallery available with Google Chrome preconfigured for installation. As an alternative, you can create a custom Package to deliver the updated software to your vulnerable endpoints. For information on creating a custom Package, go here.

For more information and support, reach out to your Technical Account Manager or your Tanium Community.

Interested in seeing Tanium in action? Schedule a one-to-one demo or attend our weekly webinar. Talk to our Tanium experts at our upcoming events.