Chrome 110 and Server 2012[R2]

Is anyone else having issues with Chrome 110 and Server 2012/2012R2?

I am highly disappointed that HCL has chosen to remove OS relevance from the latest Chrome Patches. Google stated that Chrome is not only NOT supported on Win7, Win8/8.1 and Server 2012/2012R2 but it actually breaks Chrome (Pages will not load). Being that we had it added to a baseline, it now has been deployed to nearly 400 Server 2012R2 systems. Keep in mind, MS still has support on Server 2012/2012R2 until October.

We have added OS selection to our baselines and now need to find a solution to its reporting. These patches will show as missing on Server 2012/2012R2 because they can’t be installed and the content does not have OS selection.

The fixlet says “Claiming that this is not supported”. There is no claiming; it is NOT supported and breaks Chrome.

I have a case open now. Removing relevance to make it simpler to patch OSes not supported by the product vendor is one thing, if the product works, but removing it for a product that it breaks is not a very wise choice. For those that chose to patch Chrome on unsupported OSes, make a copy of the patch and remove the relevance (it is what we did for Firefox). Instead, as it is now, we have to make a copy of the Fixlet, add the relevance and hide the original package, to comply with what Google supports.

Sorry if this is coming across as a rant. I do have a question… Does anyone else see this removal of relevance as an issue?

I ran into the same problem. I just noticed that we received a newer version of Chrome in our BigFix Console today and it still has the same Important Note, so HCL didn’t correct this on the latest version released.

HCL dropped the ball on this one. This is going to bite a lot of people and cause a lot of unnecessary IT resources for people to roll back/uninstall back to a 109 version.

Not only that, Chrome 109 is showing as superseded when it should still be relevant to Server 2012/2012R2.

Good point, so I wonder: will HCL be making the Chrome 109 patch applicable to Server 2012[R2] and marking it as no longer superseded?

I’ve seen the open case and I know the Patch team is looking into it.

For background on removing the OS relevance, until recently Chrome claimed to not support Server operating systems at all (though Chrome had been widely deployed and used on Servers) so we had false-negatives on Chrome updates for Server platforms and associated CVEs went undetected.

In fact, it was just in August that we even started allowing Chrome update detection on server operating systems: “Content Modification: Updates for Windows Applications”, published 2022-08-04.

As an MSP we are not able to dictate what our customers choose to do. We do however tell them that Firefox is not supported on Servers and they will have to patch it some other way. This is not a huge issue because Firefox updates occasionally.

Google however, we are lucky if we get fewer than 4 patches a month.

What I am hoping for is that relevance can be added to exclude Win7, Win8 and Server 2012 for Chrome 110 and greater and make the 109 patch only applicable to those OSes.

I agree in concept and will talk with the Patch content team.

Given that Google only provides a download link for the latest version of Chrome, I don’t yet know whether it’s even still possible to download 109 anymore. If we can’t get a download link it may not make sense to un-supersede the 109 Fixlets, but we may be able to at least split the 110 and higher Fixlets to only be relevant on the supported OS list, and publish a separate set of audit-only Fixlets without Actions to report the CVEs that would remain vulnerable on the Win2012 servers that keep Chrome installed.

Ah, in fact I see we published an updated version of the Chrome 110 fixlet yesterday that excludes the older OS versions: “Content Modification: Updates for Windows Applications”, published 2023-02-13.

However I have not been able to locate a working, official download for Chrome 109 that could be used to downgrade the systems that are already broken.

Google has stated that they will issue critical patch updates to 109 if a vulnerability has known exploits in the wild, until October when 2012 goes end of life.

Yes, I read that (thanks, it is helpful), but… I haven’t seen anything yet about where those announcements would be published, or what the download links would be. If you find a place where we could still download 109 that would be helpful. So far I’ve only found it on third-party sites, or the source code in the Chromium project, but I haven’t found any official Google URLs to download either the last build of 109.x or where we should expect the next 109.x patches to be published.

I see that.

Both (new version in console today) of those still have the same statement in the description, though. But the relevance is updated:

exists version whose(it >= "8.1") of operating system

That is an interesting choice for a comparison. Win8 and Server 2012 are all version 6.2, 6.3.

But it works.
