Robert R. Herbaugh

security aficionado. technology enthusiast. driven innovator.

Managing Vulnerability Remediation: The Case of Google Chrome and Wazuh

The Wake-Up Call: A Vulnerability Alert

In the ever-evolving landscape of cybersecurity, staying ahead of vulnerabilities is not just an option, but a necessity. One of the most common offenders in the realm of security risks is outdated software, and a recent encounter with my system’s Wazuh agent shed light on this very issue. It reported a staggering 140 high vulnerabilities, all stemming from an outdated Google Chrome version (112, with the latest being 120). What was more alarming was the fact that, due to my switch to Microsoft Edge and Safari, Chrome was left unattended and outdated, turning into a significant security risk.

The Strategic Response: Crafting a Solution

The challenge with software like Google Chrome is its reliance on user interaction for updates. Not using the browser meant its auto-update feature was inactive, leaving a gaping hole in my system’s security. This is where the power of automation and smart tools came into play. Utilizing the capabilities of ChatGPT 4, I was able to craft a remediation script with relative ease. However, this script was no ordinary one; it intelligently checked for the presence of Google Chrome and used the Google Chrome Version History API to verify the current version against the latest. If found outdated, it would download the current stable version and update the system’s Chrome application.

Execution and Validation: Remote Management in Action

Execution and validation of this script were made possible through my Remote Monitoring Management tool, Level. With it, I could remotely deploy, execute, and validate the script’s effectiveness in updating Google Chrome. However, a moment of reflection led me to a decisive conclusion – the complete removal of Google Chrome from my system. Since my primary browsers had shifted to Microsoft Edge and Safari, eliminating Chrome altogether was a viable option to remediate the vulnerability permanently.

Spotlight on level.io: The New Kid on the Block

Level has emerged as a robust and cost-effective Remote Monitoring and Management (RMM) tool, particularly advantageous for home labs and small-scale operations. Its attractiveness lies not only in its comprehensive functionality but also in its affordability — at just $20 per month, it covers up to 15 machines, making it an ideal choice for personal use or small businesses. One of Level’s key strengths is its versatility; it seamlessly integrates with Windows, macOS, and Linux systems, ensuring a broad compatibility range. Users benefit from features such as remote desktop access, system monitoring, automatic system updates (yes, including Linux!), AND automated script execution — all essential for efficient vulnerability management. As a relatively new entry into the RMM space, Level is quickly gaining recognition for its user-friendly interface and feature set, making it a noteworthy tool for those seeking a reliable and budget-friendly RMM solution, and a great way to get acquainted with what RMMs can do. They have a packed roadmap, and I look forward to seeing how the product develops.

Embracing the Power of Scripting: A Non-Programmer’s Journey

Here’s an intriguing personal revelation: I am in no way, shape, or form a programmer. The power of scripting was a recent discovery for me; its potential only became apparent in March of 2023, before GPT-4. The scripts that AI wrote back then had quite a few issues, but working through them helped me learn how the scripts actually worked. My journey underscores the accessibility and power of automation through AI, even for those who have never engaged in programming. By leveraging tools like ChatGPT and other open source models, I’ve managed to significantly enhance system security and my own skillset without a background or formal training in coding. It’s a testament to the era we live in, where technology empowers individuals to achieve more with less, transforming complex tasks into manageable ones.

Lessons Learned: The Importance of Vigilance

This experience highlights a crucial lesson for System and Security Administrators: the importance of knowing what software is installed on systems. An unnoticed application can introduce unforeseen vulnerabilities, making it imperative to regularly audit and monitor installed software. Moreover, restricting end-user administrative privileges can significantly reduce the risk of unauthorized software installations, further securing the system.

Conclusion: Proactive Measures Are Key

In conclusion, the journey from detecting a vulnerability to effectively remediating it demonstrates the importance of proactive measures and the use of advanced tools. Whether it’s through automation scripts or strategic tool utilization, addressing software vulnerabilities promptly is essential. It ensures the security and integrity of systems, protecting valuable data and infrastructure from potential threats.

I think it’s safe to say that Firefox is next on my list (I also rarely use it except for Dell’s iDRAC solution) since my servers are a bit on the older side. 😉


Script

Here’s the remediation script that I used for Google Chrome (GitHub Link), a testament to the power of community-driven solutions and the innovative use of technology in cybersecurity. Feel free to use this in your implementations and modify as you see fit!

EDIT!!! I made a mistake in my last script…macOS will not let you install from a DMG file with the command line—this was an oversight on my part. I have now properly updated this to download and install with the .pkg file. The script length is significantly reduced, and it works much better! I also created one for Firefox!

#!/bin/bash

# Constants
chrome_app="/Applications/Google Chrome.app"
info_plist="$chrome_app/Contents/Info.plist"
# Download into a fresh private directory instead of a fixed, predictable /tmp path,
# and remove it on every exit path (success or failure)
temp_dir=$(mktemp -d /tmp/googlechrome.XXXXXX) || { echo "Failed to create temporary directory"; exit 1; }
temp_pkg="$temp_dir/googlechrome.pkg"
trap 'rm -rf "$temp_dir"' EXIT

# Function to get the installed version of Chrome
get_installed_version() {
    if [ -f "$info_plist" ]; then
        installed_version=$(/usr/libexec/PlistBuddy -c "Print :CFBundleShortVersionString" "${info_plist}")
        echo "$installed_version"
    else
        echo "Not Installed"
    fi
}

# Function to get the latest available version of Chrome.
# Prints the version on success and returns non-zero on failure: an "exit 1" here
# would only end the $(...) subshell, and the caller would then treat the error
# message as if it were a version number
get_latest_version() {
    # Make a GET request to the API endpoint for macOS (-f turns HTTP errors into a failure)
    response=$(curl -fsS "https://versionhistory.googleapis.com/v1/chrome/platforms/mac/channels/stable/versions") || return 1

    # Parse the response with grep to extract the first (newest) version number
    latest_version=$(echo "$response" | grep -o '"version": *"[0-9.]*' | grep -o '[0-9.]*$' | head -1)

    [ -n "$latest_version" ] || return 1
    echo "$latest_version"
}

# Function to install or update Chrome using .pkg
install_or_update_chrome() {
    current_version=$(get_installed_version)
    latest_version=$(get_latest_version) || { echo "Failed to fetch the latest version"; exit 1; }
    echo "Current Version: $current_version"
    echo "Latest Version: $latest_version"

    # Compare current and latest version, install or update if necessary
    if [ "$current_version" != "$latest_version" ]; then
        echo "Installing or updating Chrome to latest version..."
        download_url="https://dl.google.com/chrome/mac/stable/accept_tos%3Dhttps%253A%252F%252Fwww.google.com%252Fintl%252Fen_ph%252Fchrome%252Fterms%252F%26_and_accept_tos%3Dhttps%253A%252F%252Fpolicies.google.com%252Fterms/googlechrome.pkg"
        echo "Downloading Chrome from: $download_url"
        curl -fsSL -o "$temp_pkg" "$download_url" || { echo "Failed to download Chrome"; exit 1; }

        # Check that the download is not empty before handing it to installer
        if [ ! -s "$temp_pkg" ]; then
            echo "Downloaded file is not a valid PKG or is empty."
            exit 1
        fi

        echo "Installing the PKG..."
        sudo installer -pkg "$temp_pkg" -target / || { echo "Failed to install Chrome"; exit 1; }

        # The temporary directory is removed by the EXIT trap above

        # Verify installation
        updated_version=$(get_installed_version)
        if [ "$updated_version" = "$latest_version" ]; then
            echo "Chrome has been installed/updated to version $latest_version."
        else
            echo "Installation/Update failed. Expected version $latest_version but found $updated_version."
            exit 1
        fi
    else
        echo "No update necessary. The latest version of Chrome is already installed."
    fi
}

# Execute the installation/update function
install_or_update_chrome
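Two hardening points for the script above, as an added example that is not part of the original post or its GitHub script: a numeric version comparison (the plain string "!=" test also fires when the installed build is newer than the API's first entry, and "Not Installed" needs to be treated as older than anything), and a Developer ID signature check to run on the downloaded .pkg before calling installer. The API response below is a constructed sample, and the expected signer string passed to the signature check is an assumption to confirm against pkgutil's output on a known-good download.

```shell
#!/bin/bash
# Added example (not from the original post): hardening helpers for the Chrome updater.

# Constructed sample of a Version History API response; the real script would
# pass the output of curl instead. The newest version is listed first.
sample_response='{"versions":[{"name":"chrome/platforms/mac/channels/stable/versions/120.0.6099.129","version":"120.0.6099.129"},{"name":"chrome/platforms/mac/channels/stable/versions/120.0.6099.109","version":"120.0.6099.109"}]}'

# Print the first "version" value in the response; tolerates compact JSON
# (no space after the colon), which the script's own grep pattern does not.
extract_latest_version() {
    printf '%s' "$1" | grep -o '"version": *"[0-9.]*' | grep -o '[0-9.]*$' | head -1
}

# Return 0 when $1 is numerically older than $2, comparing dot-separated
# components left to right. Non-numeric input such as "Not Installed" counts
# as 0, so it is older than any real version, while a newer installed build
# is not mistaken for an outdated one the way a plain "!=" test would.
version_is_older() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $x in ''|*[!0-9]*) x=0 ;; esac
        case $y in ''|*[!0-9]*) y=0 ;; esac
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# macOS only: succeed only if pkgutil reports the package as signed and its
# certificate chain names the expected Developer ID Installer ($2). The signer
# string is an assumption; confirm it against pkgutil's output for a known-good
# download before relying on it.
pkg_is_signed_by() {
    report=$(pkgutil --check-signature "$1" 2>/dev/null) || return 1
    printf '%s\n' "$report" | grep -q 'Status: signed' || return 1
    printf '%s\n' "$report" | grep -q "Developer ID Installer: $2"
}

# Demo on the constructed sample, mirroring the script's decision point.
latest=$(extract_latest_version "$sample_response")
for installed in "112.0.5615.49" "Not Installed" "$latest"; do
    if version_is_older "$installed" "$latest"; then
        echo "$installed -> $latest: update needed"
    else
        echo "$installed -> $latest: up to date"
    fi
done
```

In the updater, the download step would become `pkg_is_signed_by "$temp_pkg" "<expected signer>" || exit 1` before `sudo installer`, and the `!=` test would become `version_is_older "$current_version" "$latest_version"`.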
