I realise the generic nature of this post and I apologise in advance.
Let's say for instance we were on v58, what resources are out there to "prove our point" that it's insecure and we should upgrade?
Asked
Active
Viewed 1,302 times
2 Answers
5
Search for the vulnerabilities for Chrome 54.
For example, there's a potential remote code execution on versions earlier than 62. If an attacker sends a specially crafted HTML page to anyone using the vulnerable version, he can execute code remotely, no download required. All your organization will be vulnerable to a Drive-By Download attack.
If the payload includes a ransomware, you have to choose between losing a lot of data and productivity time and paying perhaps a hefty ransom.
In some cases, enterprise products will not run on newer versions for different reasons. In this cases, you must make sure that the computers running the old versions are shielded from the internet and deployed on a quarantined area.
But it's strongly advised to update software as soon as possible, and in case of internet facing software (like browsers and email clients) as soon as any update is available.
ThoriumBR
- 53,925
- 13
- 135
- 152
2
There are lists of vulnerabilities for most products.
Chrome also keeps release notes on each release. Those include security references.
But, frankly, if the big red icon saying "update now for security fixes" is not enough for management, then you might need to dig deeper into what their concerns actually are.
schroeder
- 129,372
- 55
- 299
- 340