Share via

patching on virtual machines related to chrome

Varma 1,385 Reputation points
2024-01-03T02:53:06.5033333+00:00

We received following request about patch installation, seems to be updates are missing with respect to chrome browser. Please see following description for more details.

Description of the issue:

CVE-2023-7024 is a critical vulnerability in WebRTC which affects products utilizing the technology, such as Google Chrome. The vulnerability is a heap-based buffer overflow bug that could be exploited to result in program crashes or arbitrary code execution.

The vulnerability has been observed exploited in the wild, it is recommended to apply the patch urgently.

 

The installed program Google Chrome version 120.0.6099.111 is vulnerable to CVE-2023-7024, which exists in versions < 120.0.6099.129.

The vulnerability was found in the National Vulnerability Database (NVD) based on the CPE cpe:2.3:a:google:chrome with NVD severity: High.

The program is associated with the technology Google Chrome.

1.

Please suggest what patches to be applied to fix below issue and where and how to be applied.

2.

By placing VMs under automatic updates from Update manager , will chrome issue taken care ?

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,989 questions
Azure Update Manager
Azure Update Manager
An Azure service to centrally manages updates and compliance at scale.
314 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Prrudram-MSFT 25,081 Reputation points
    2024-01-03T07:20:41.7466667+00:00

    Hi @Varma

    Thank you for reaching out to the Microsoft Q&A platform.

    To fix the issue related to the CVE-2023-7024 vulnerability in Google Chrome, you need to update the Chrome browser to version 120.0.6099.129 or later. You can download the latest version of Chrome from the official website and install it on your virtual machines.

    Regarding your second question, if you have enabled automatic updates for your virtual machines through the Update Management feature in Azure, the Chrome browser may not be updated automatically along with other critical and security patches. Hence, it is recommended to check the update status of Chrome manually to ensure that it is up to date.

    If you are satisfied with the answer, please "Accept as Answer" and give a thumbs up, so that you can help others in the community looking for remediation for similar issues.

  2. Shrestha, Bikash 0 Reputation points
    2024-10-02T09:28:03.23+00:00

    can we patch third party applications like Google chrome, Firefox Dotnet from Azure Update manager

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.