Last week, we published an article on a recent Chrome zero-day exploit (worth reading if you want see the history of the issue). There was a new announcement this Saturday, announcing another Chrome exploit, with the recommendation that everyone update their browser.

We have updated the J1 Query that will help you determine if anyone in your company is running an older version of the browser, prior to version 94.0.4606.61.

How to determine the potential impact of the Chrome Zero-Day exploit

For existing JupiterOne users who have enabled an endpoint integration, you can verify the status of company wide updates by running the following J1 query. Not a current JupiterOne user? You can run the query immediately when you register for our free, lifetime license. You’ll get immediate visibility to Chrome users in your company who have not updated to the latest version.

The return results will show all users who have not updated their browser and help accelerate your company’s response to the exploit.

FIND Person as person
THAT OWNS Device
(THAT (MANAGES|MONITORS) HostAgent)?
THAT (IDENTIFIED|INSTALLED) as i Application as app
WHERE 
  app.name ~= ('Chrome' or 'Chromium') AND
  i.version != "94.0.4606.61"
RETURN 
  person.displayName,
  person.email,
  i.version as chromeVersion

Stay safe. Know more, fear less. Reach out if you have any questions.